
Google Hijacked / Rootkit? / Virus?


This topic is locked
13 replies to this topic

#1 AWILD1 (Members, 17 posts)

Posted 04 May 2010 - 11:25 AM

Hi, I have this Virus/Rootkit I can't seem to get rid of. A few days ago my PC, with Windows XP Professional SP3, started acting weird, with my Google searches being hijacked, and then later I had a fake program pop up named "XP Smart Security" alerting to a bunch of fake viruses, etc.; the program had also disabled regedit, msconfig, and several other programs. After a day of trying, I was able to get everything working again and the fake program removed. Now I have a constant threat warning from my NOD32 that my C:\WINDOWS\system32\drivers\agp440.sys is infected with Win32/Olmarik.XG Patched, and also the same file located in my C:\WINDOWS\system32\dllcache folder. I was able to replace both at one time with a good version but later they were replaced again with the same virus. Also, all my Google searches still seem to be hijacked, with Malwarebytes constantly blocking the IP address range 213.163.89.104 - 213.163.89.107 mainly, with an occasional block of IP 91.212.226.7 and a less frequent block of a couple of other IPs.

I have tried several programs such as Malwarebytes, Ad-Aware, Spybot Search and Destroy, SUPERAntiSpyware, UnHackMe, Hitman Pro 3.5, TDSSKiller, HijackThis, CCleaner and SDFix, all of which have been fully updated up to now, and still no luck. I had tried a system restore a couple of days ago back to what I believed was before any of this, and still no luck. I tried ComboFix but somehow it rendered my computer unbootable into Windows after it was not able to finish running its course. After a day of messing with things I was able to fix that problem. After reading more about ComboFix, I do not feel comfortable enough to use it without professional help, so as to hopefully not run into the same problem. I have Google searched and read for several hours about all 4 symptoms (Google searches hijacked, the "XP SMART SECURITY" virus, the IPs being blocked by Malwarebytes when a Google search is made, and the constant agp440.sys virus alert) and they all seem to be linked in some way, but I'm not finding anything that works for me and all seem to use ComboFix which, again, I'm not comfortable using on my own. I NEED HELP!

I posted the above in the wrong section several days ago... Since then, I replaced the agp440.sys with a good version and set the file attributes to read-only so it would not be constantly overwritten. I have been able to get things running somewhat better but believe I'm still infected with a rootkit/virus of some sort. I have tried several times to run GMER but it seems to only lock up Windows and then I have to do a hard reboot... same thing in Safe Mode. I tried to run GMER last night before going to bed with everything else shut down and woke up to a black screen (it crashed my video driver) and had to do a hard reboot yet again. When the GMER program is opened, and before I hit the scan button with all the options listed in the Preparation Guide, I can open the "Files" tab and it shows in red (hidden file) a sccfg.sys file located in the root directory of C:.

I will attach the 2 DDS files scanned from last night. Any help would be greatly appreciated!

DDS Log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Troy at 21:13:04.82 on Mon 05/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1530 [GMT -4:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Softex\OmniPass\scureapp.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Troy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1227215759&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx%3Fn%3D606275303&id=64855
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = http=
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Idea2 SidebarBrowserMonitor Class: {45ad732c-2ce2-4666-b366-b2214ad57a49} - c:\program files\desktop sidebar\sbhelp.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: ForceField Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Tunebite_WebRipPlugin Class: {aa102584-3b97-47e7-b9bc-75d54c110a7d} - c:\program files\rapidsolution\tunebite\plugins\ie\TB_WebRipIePlugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: ForceField Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerIEPlugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {00000000-5736-4205-0008-F7ED0776FB27} - No File
TB: {4064EA35-578D-4073-A834-C96D82CBCF40} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [UnHackMe Monitor] c:\program files\unhackme\hackmon.exe
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /start_mode="auto"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: {11F19C45-9675-488A-A8E0-8E8234DC245D} - res://c:\program files\tomato\youtube video downloader\MDIEEx.dll/211
IE: {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C}
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {09FE188B-6E85-479e-9411-51FB2220DF80} - {45AD732C-2CE2-4666-B366-B2214AD57A49} - c:\program files\desktop sidebar\sbhelp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38e51477-ddb4-4aed-9d61-d0c193e10749}\inprocserver32 does not exist!
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
LSP: c:\windows\system32\imon.dll
Trusted Zone: aol.com\free
Trusted Zone: emipowered.net\fordvehicles.secure
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/44.10/uploader2.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230956794749
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\troy\applic~1\mozilla\firefox\profiles\h3jv2ls1.default\
FF - prefs.js: browser.startup.homepage - hxxp://login.passport.net/uilogin.srf?id=2
FF - component: c:\documents and settings\troy\application data\mozilla\firefox\profiles\h3jv2ls1.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\program files\rapidsolution\tunebite\plugins\geckobased\tunebite-firefox-surf-and-catch-extension@audials.com\components\TB_WebRipFFPlugin.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdbplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\opera\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\opera\program\plugins\npgcplug.dll
FF - plugin: c:\program files\opera\program\plugins\NPMetaStream3.dll
FF - plugin: c:\program files\opera\program\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\rapidsolution\tunebite\plugins\geckobased\tunebite-firefox-surf-and-catch-extension@audials.com\plugins\np_TB_OgloPlugin.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-7 64288]
R0 pxark;pxark;c:\windows\system32\drivers\pxark.sys [2009-1-5 26808]
R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [2009-6-16 244608]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-5-6 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-11-15 394952]
R2 IswSvc;ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2008-7-24 195832]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-6 304464]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2008-5-6 552064]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2004-8-11 547744]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-6 20952]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2009-8-2 23096]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2010-4-28 35816]
S2 CSIScanner;CSIScanner;"c:\program files\prevxcsi\prevxcsi.exe" /service --> c:\program files\prevxcsi\prevxcsi.exe [?]
S2 HDD & SSD access service;HDD & SSD access service;c:\program files\common files\binarysense\disksvc.exe [2009-8-13 205976]
S3 dlttape;dlttape;c:\windows\system32\drivers\dlttape.sys [2010-1-1 8320]
S3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2008-7-24 35072]
S3 KProcWatch;KProcWatch;c:\windows\system32\drivers\KProcWatch.sys [2009-9-16 8576]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3.tmp --> c:\windows\system32\3.tmp [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-6-17 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-6-17 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-6-17 42112]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2009-6-17 23680]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 P1001VID;Creative WebCam (WDM);c:\windows\system32\drivers\P1001Vid.sys [2009-7-4 395224]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra professional home 2009\RpcAgentSrv.exe [2009-1-3 98488]
S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [2009-8-2 249856]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2008-5-9 18432]
S4 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-4-25 266240]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-17 135664]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1170768]
S4 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\roxio creator 2009\digital home 11\RoxioUPnPRenderer11.exe [2008-8-14 313840]
S4 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\roxio creator 2009\digital home 11\RoxioUpnpService11.exe [2008-8-14 367088]
S4 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxLiveShare11.exe [2008-8-14 309744]
S4 RoxMediaDB11;RoxMediaDB11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxMediaDB11.exe [2008-8-14 1124848]
S4 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatch11.exe [2008-8-14 170480]
S4 SureThing Labelflash service;SureThing Labelflash service;c:\program files\common files\surething shared\stllssvr.exe [2009-3-12 74392]

=============== Created Last 30 ================

2010-04-29 17:54:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-04-29 17:54:39 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-29 02:17:22 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-04-29 00:45:11 0 d-----w- c:\windows\ERUNT
2010-04-28 15:47:05 2188 ----a-w- c:\windows\system32\.crusader
2010-04-28 13:56:09 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-28 13:54:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-04-28 13:53:46 0 d-----w- c:\program files\Hitman Pro 3.5
2010-04-28 09:39:21 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-04-28 09:39:20 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-04-28 09:10:48 0 d-----w- C:\SDFix
2010-04-28 08:38:01 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-04-28 00:36:03 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-04-28 00:35:30 0 d-----w- c:\program files\SUPERAntiSpyware
2010-04-28 00:35:30 0 d-----w- c:\docume~1\troy\applic~1\SUPERAntiSpyware.com
2010-04-27 06:07:43 0 d-----w- c:\program files\Universal Shield 4.3.1
2010-04-26 07:44:01 0 d-----w- c:\windows\system32\wbem\Repository
2010-04-26 07:39:07 0 d-----w- c:\program files\Hotspot Shield
2010-04-26 04:20:14 0 d--h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-04-26 04:07:08 0 d-----w- c:\program files\Desktop Sidebar
2010-04-26 04:02:53 0 d-----w- c:\program files\Bonjour
2010-04-26 01:49:52 882 ----a-w- c:\windows\RegSDImport.xml
2010-04-26 01:49:52 879 ----a-w- c:\windows\RegISSImport.xml
2010-04-26 01:49:52 131 ----a-w- c:\windows\IDB.zip
2010-04-26 01:49:51 1152444 ----a-w- c:\windows\UDB.zip
2010-04-26 01:45:58 0 d-----w- c:\program files\common files\PC Tools
2010-04-26 01:45:55 0 d-----w- c:\program files\Spyware Doctor
2010-04-26 00:26:20 0 d-----w- c:\program files\SpywareBlaster
2010-04-25 23:57:26 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-25 22:04:48 0 dc----w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}(2)
2010-04-22 10:17:51 0 d-----w- c:\program files\The Misadventures Of P.B. Winterbottom
2010-04-21 10:00:30 0 d-----w- c:\program files\Pop Cap
2010-04-21 05:24:45 0 d-----w- c:\program files\HipSoft
2010-04-16 07:04:04 2060 ----a-w- c:\windows\system32\napaserv.zip
2010-04-15 10:51:31 2 --shatr- c:\windows\winstart.bat
2010-04-15 10:45:03 0 d-----w- c:\program files\UnHackMe
2010-04-14 18:03:48 0 d-----w- c:\docume~1\alluse~1\applic~1\InterVideo
2010-04-14 09:55:43 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

==================== Find3M ====================

2010-05-02 21:00:08 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-04-29 16:19:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 16:19:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-14 18:45:59 6890 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-03-13 12:28:11 467 ----a-w- c:\program files\log.txt
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-04 18:29:34 94208 ----a-w- c:\windows\DUMP96f0.tmp
2010-02-03 03:23:07 88 --sh--r- c:\docume~1\alluse~1\applic~1\BEE7FBB2A6.sys
2008-05-07 01:49:38 8 --sh--r- c:\windows\system32\807B330B7D.sys
2009-02-10 21:11:24 56 --sh--r- c:\windows\system32\A6B2FBE7BE.sys
2009-02-10 21:36:13 88 --sh--r- c:\windows\system32\BEE7FBB2A6.sys
2009-05-26 06:51:42 8558 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-05-07 05:20:23 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050720080508\index.dat

============= FINISH: 21:15:16.76 ===============
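The DDS log above lists every non-Microsoft service and driver together with the files created or changed recently, and the lines a responder looks at first are the ones with an image DDS could not resolve, an image in a temporary file, or hidden+system attributes. As an added example (not code from this thread, and not part of the DDS tool), here is a small triage script that parses those two line formats and flags such entries. The regexes are inferred from the log lines in this post; reading a trailing "[?]" as "DDS could not stat the image", the usual-location rule, and the last sample line (marked constructed) are assumptions made for this example. Every hit is a cue for manual review, not a verdict: a scanner's own temporary driver or a vendor's licence file trips the same rules as a patched driver would.

```python
"""Triage helper for two line formats found in a DDS log.

Added example: not code from the thread and not part of DDS.  The patterns are
inferred from the log lines posted above; the "[?]" reading and the location
rule are assumptions.  Findings are review cues, not verdicts.
"""
import re
from typing import Dict, List

# Driver / service line:  "<R0|S3> <name>;<display name>;<image> [<date> <size>]"
DRIVER_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")
# Created-last-30 / Find3M line:  "<date> <time> <size> <8 attribute chars> <path>"
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) ([-a-z]{8}) (.+)$")
# Leading image path, optionally quoted or written in the NT "\??\" form
PATH_RE = re.compile(r'^\s*"?(?:\\\?\?\\)?([a-z]:\\.*?\.(?:sys|exe|dll|tmp))"?', re.IGNORECASE)

# Constructed sample: lines copied from the DDS log in post #1, plus one
# made-up line (clearly labelled) to exercise the location rule.
SAMPLE_LOG = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-7 64288]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3.tmp --> c:\windows\system32\3.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
2010-04-29 16:19:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-02-10 21:11:24 56 --sh--r- c:\windows\system32\A6B2FBE7BE.sys
2010-04-15 10:51:31 2 --shatr- c:\windows\winstart.bat
S3 constructed_example;constructed example, not from the log;c:\docume~1\troy\locals~1\temp\x.sys [2010-5-1 1234]
"""


def driver_path(tail: str) -> str:
    """Return the lower-cased on-disk image path from the part of a driver
    line that follows the display name.  DDS prints 'image --> resolved path'
    when the registry image needs translating, so the last arrow wins."""
    target = tail.rsplit("-->", 1)[-1]
    m = PATH_RE.match(target)
    return m.group(1).lower() if m else ""


def triage(log_text: str) -> List[Dict[str, object]]:
    """Walk the log and return one finding per line that deserves a look."""
    findings: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        reasons: List[str] = []
        dm = DRIVER_RE.match(line)
        fm = FILE_RE.match(line)
        if dm:
            start_type, name, _display, tail = dm.groups()
            path = driver_path(tail)
            if tail.rstrip().endswith("[?]"):
                # assumption: DDS prints [?] when it cannot stat the image file
                reasons.append("DDS could not stat the service image")
            if path.endswith(".tmp"):
                reasons.append("service image is a .tmp file")
            if path and not path.startswith(("c:\\windows\\", "c:\\program files\\")):
                reasons.append("image outside c:\\windows and c:\\program files")
            label = f"{start_type} {name}"
        elif fm:
            _date, _time, _size, attrs, path = fm.groups()
            # attribute string as printed by DDS: d=directory, then c, s, h, a, t, w/r
            is_dir = attrs[0] == "d"
            if not is_dir and attrs[2] == "s" and attrs[3] == "h":
                reasons.append("hidden+system file")
            label = path
        else:
            continue  # header, blank or some other section
        if reasons:
            findings.append({"entry": label, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["entry"], "->", "; ".join(f["reasons"]))
```

Run against the sample it reports the vsmon and MEMSWEEP2 entries (unresolved image, and a .tmp image for the latter), the two hidden+system files, and the constructed driver outside the usual folders; the Lbd, NPF and mbam.sys lines pass. Feed it a whole DDS log and the same rules apply to every section, which is why the script keys on line shape rather than on section headers.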



#2 syler (Malware Response Team, 8,150 posts; Warrington, UK)

Posted 06 May 2010 - 05:37 PM

Hello and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues I would appreciate it if you would let me know so I can close this topic.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)



Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Then please post back here with the following:
  • log.txt
  • info.txt
  • mbam log

Thanks



#3 AWILD1 (Topic Starter; Members, 17 posts)

Posted 06 May 2010 - 09:11 PM

RSIT Log:

Logfile of random's system information tool 1.07 (written by random/random)
Run by Troy at 2010-05-06 21:29:04
Microsoft Windows XP Professional Service Pack 3
System drive C: has 46 GB (16%) free of 286 GB
Total RAM: 2559 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:30:11 PM, on 5/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Softex\OmniPass\scureapp.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Troy\Desktop\RSIT.exe
C:\Program Files\trend micro\Troy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin...03&id=64855
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ForceField Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: ForceField Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerIEPlugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /start_mode="auto"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Download Video - {11F19C45-9675-488A-A8E0-8E8234DC245D} - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/211 (file missing)
O9 - Extra 'Tools' menuitem: Download Video on This Page - {11F19C45-9675-488A-A8E0-8E8234DC245D} - res://C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll/211 (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.1.0...inAxControl.CAB
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/44.10/uploader2.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1230956794749
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} (BejeweledTwist Control) - http://www.worldwinner.com/games/v51/bejew...eweledtwist.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-29-0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CSIScanner - Unknown owner - C:\Program Files\PrevxCSI\prevxcsi.exe (file missing)
O23 - Service: HDD & SSD access service - BinarySense Ltd. - C:\Program Files\Common Files\BinarySense\disksvc.exe
O23 - Service: ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2009\RpcAgentSrv.exe
O23 - Service: SMServer - SMServer - C:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13450 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2009-09-01 777392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-12-21 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-06-14 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45AD732C-2CE2-4666-B366-B2214AD57A49}]
Idea2 SidebarBrowserMonitor Class - C:\Program Files\Desktop Sidebar\sbhelp.dll [2006-07-09 278528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ForceField Toolbar Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerIEPlugin.dll [2008-07-24 359592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA102584-3B97-47e7-B9BC-75D54C110A7D}]
Tunebite_WebRipPlugin Class - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll [2009-03-05 144688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-17 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-17 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-29 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ForceField Toolbar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerIEPlugin.dll [2008-07-24 359592]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-17 279664]
Locked

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2009-08-03 949376]
"ISW"=C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2008-07-24 445688]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-11 417792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"UnHackMe Monitor"=C:\Program Files\UnHackMe\hackmon.exe [2010-03-23 594144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-10-18 781656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2004-08-16 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
C:\Program Files\AOL 9.0 VR\AOL.EXE [2007-04-18 50736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CICache]
CICache.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
c:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
c:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe [2009-12-30 523408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMonitor]
C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe [2008-08-10 80368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G]
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe [2004-08-18 1249280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX5400]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE [2003-05-26 99840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1235372424\ee\AOLSoftware.exe [2008-11-06 41264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2005-07-22 28160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.EXE [2005-07-22 28160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mount.exe]
C:\Program Files\GiPo@Utilities\FileUtilities.3\mount.exe [2008-04-11 374272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass]
C:\Program Files\Softex\OmniPass\scureapp.exe [2004-08-20 1769472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Privacy Suite RiskMonitor]
C:\Program Files\CyberScrub Privacy Suite\Launch.exe [2008-07-29 45192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Privacy Suite Scheduler]
C:\Program Files\CyberScrub Privacy Suite\Launch.exe [2008-07-29 45192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-11-11 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe [2008-08-14 240112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
*DISABLED*C:\Documents and Settings\Troy\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Standby]
c:\Program Files\Common Files\Corel\Standby\Standby.exe [2010-01-07 105632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-12-11 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\US4Service]
C:\Program Files\Universal Shield 4.3.1\US4Service.exe [2010-03-03 39488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebLink]
C:\Program Files\Softex\Weblink\WebLink.exe [2004-08-20 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XdriveTray]
xdrive.exe /trayicon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XdriveTrayIcon]
XdriveTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM]
C:\Program Files\Zinio\ZinioReader.exe [2009-07-21 2707526]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk]
C:\PROGRA~1\Amazon\AMAZON~1\ADVWIN~2.EXE [2009-04-10 97320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Troy^Start Menu^Programs^Startup^Iomega Product Registration.lnk]
C:\PROGRA~1\Iomega\REGIST~1\Register.exe [2004-02-04 16175104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxWatch"=2
"RoxUpnpServer"=2
"RoxUPnPRenderer"=3
"RoxMediaDB"=3
"gusvc"=3
"US30Service"=3
"PnkBstrB"=2
"PnkBstrA"=2
"ose"=3
"odserv"=3
"Microsoft Office Groove Audit Service"=3
"WMPNetworkSvc"=3
"RoxWatch11"=2
"RoxMediaDB11"=3
"RoxLiveShare11"=2
"RoxLiveShare"=2
"Viewpoint Manager Service"=2
"HotspotShieldService"=3
"AOL ACS"=2
"MBAMService"=2
"SureThing Labelflash service"=3
"FLEXnet Licensing Service"=3
"Stuffit Archive Name Service"=2
"CSHelper"=2
"ADVService"=2
"Lavasoft Ad-Aware Service"=3
"IDriverT"=3
"HUPZAQF"=3
"Roxio Upnp Server 11"=2
"Roxio UPnP Renderer 11"=3
"iPod Service"=3
"Diskeeper"=2
"Apple Mobile Device"=2
"Bonjour Service"=2
"gupdate"=2
"PSI_SVC_2"=2
"idsvc"=3
"JavaQuickStarterService"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-12-11 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll [2004-08-20 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro35Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\klmdb.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Alien Arena 2007\crx.exe"="C:\Alien Arena 2007\crx.exe:*:Disabled:crx"
"C:\Documents and Settings\Troy\Desktop\FlashFXP_2.1_Final_Build924_Cracked\FlashFXP.exe"="C:\Documents and Settings\Troy\Desktop\FlashFXP_2.1_Final_Build924_Cracked\FlashFXP.exe:*:Enabled:FlashFXP"
"C:\Documents and Settings\Troy\Desktop\KKnD - Extreme\Kknd.exe"="C:\Documents and Settings\Troy\Desktop\KKnD - Extreme\Kknd.exe:*:Enabled:Kknd"
"C:\Documents and Settings\Troy\Desktop\Programs to setup\Program Files\AIM95\aim.exe"="C:\Documents and Settings\Troy\Desktop\Programs to setup\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Documents and Settings\Troy\Local Settings\Temp\nsj2C53.tmp\utorrent.exe"="C:\Documents and Settings\Troy\Local Settings\Temp\nsj2C53.tmp\utorrent.exe:*:Enabled:µTorrent"
"C:\Games\Quake III\quake3.exe"="C:\Games\Quake III\quake3.exe:*:Disabled:quake3"
"C:\NTDETECT.EXE"="C:\NTDETECT.EXE:*:Enabled:Enabled"
"C:\Program Files\A4Proxy\A4Proxy.exe"="C:\Program Files\A4Proxy\A4Proxy.exe:*:Enabled:Anonymity 4 Proxy Application"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Anti-Leech\ALIE_1.0.1.6\alhlp.exe"="C:\Program Files\Anti-Leech\ALIE_1.0.1.6\alhlp.exe:*:Enabled:Anti-Leech plugin helper program"
"C:\Program Files\Anti-Leech\ALIE_1.0.1.8\alhlp.exe"="C:\Program Files\Anti-Leech\ALIE_1.0.1.8\alhlp.exe:*:Enabled:Anti-Leech plugin helper program"
"C:\Program Files\AOL 9.0 VR\waol.exe"="C:\Program Files\AOL 9.0 VR\waol.exe:*:Enabled:AOL"
"C:\Program Files\AOL Games\Q-bert 2005\Q-bert 2005.exe"="C:\Program Files\AOL Games\Q-bert 2005\Q-bert 2005.exe:*:Disabled:Q*bert 2005"
"C:\Program Files\BitTorrent\btdownloadgui.exe"="C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\BPFTP Server\bpftpserver.exe"="C:\Program Files\BPFTP Server\bpftpserver.exe:*:Enabled:BulletProof FTP Server (http://www.bpftpserver.com)"
"C:\Program Files\Codemasters\Worms 4 Mayhem Online Demo\Worms 4 Mayhem Online Demo.exe"="C:\Program Files\Codemasters\Worms 4 Mayhem Online Demo\Worms 4 Mayhem Online Demo.exe:*:Enabled:Worms 4 Mayhem"
"C:\Program Files\Comcast Video Mail\Comcast_Video_Mail.exe"="C:\Program Files\Comcast Video Mail\Comcast_Video_Mail.exe:*:Enabled:Comcast_Video_Mail.exe"
"C:\Program Files\Common Files\AOL\1183129128\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1183129128\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\Destiny\RadioDestiny Broadcaster\RadioDestiny Broadcaster.exe"="C:\Program Files\Destiny\RadioDestiny Broadcaster\RadioDestiny Broadcaster.exe:*:Enabled:RadioDestiny Broadcaster"
"C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.0\YTPro.exe"="C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.0\YTPro.exe:*:Enabled:Y!TunnelPro V2.0 Build 352"
"C:\Program Files\DiskTrix\UltimateDefrag\UDefrag.exe"="C:\Program Files\DiskTrix\UltimateDefrag\UDefrag.exe:*:Enabled:UltimateDefrag V1.61"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\eXeem\eXeem.exe"="C:\Program Files\eXeem\eXeem.exe:*:Disabled:eXeem"
"C:\Program Files\FlashFXP\flashfxp.exe"="C:\Program Files\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\FlashFXP 3.4\FlashFXP.exe"="C:\Program Files\FlashFXP 3.4\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall"
"C:\Program Files\Gizmo Project\Gizmo.exe"="C:\Program Files\Gizmo Project\Gizmo.exe:*:Disabled:Gizmo Project"
"C:\Program Files\Gizmo Project\mDNSResponder.exe"="C:\Program Files\Gizmo Project\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Hasbro Interactive\Scrabble v2.0\Scrabble v2.0.exe"="C:\Program Files\Hasbro Interactive\Scrabble v2.0\Scrabble v2.0.exe:*:Disabled:Scrabble v2"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\icuii\ICUII5.exe"="C:\Program Files\icuii\ICUII5.exe:*:Enabled:ICUII Video Chat Client"
"C:\Program Files\ICUII5\_ICUII5.exe"="C:\Program Files\ICUII5\_ICUII5.exe:*:Enabled:ICUII Video Chat Client"
"C:\Program Files\ICUII5\icuii5.exe"="C:\Program Files\ICUII5\icuii5.exe:*:Enabled:ICUII Video Chat Client"
"C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImLc.exe"="C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\InterVideo\DVD6\WinDVD.exe"="C:\Program Files\InterVideo\DVD6\WinDVD.exe:*:Enabled:WinDVD"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS"
"C:\Program Files\K-Lite\kazaa.core"="C:\Program Files\K-Lite\kazaa.core:*:Enabled:Kazaa"
"C:\Program Files\Kazaa Lite K++\KazaaLite.kpp"="C:\Program Files\Kazaa Lite K++\KazaaLite.kpp:*:Enabled:KazaaLite"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Disabled:Delivery Manager Service"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Morpheus Ultra\Morpheus.exe"="C:\Program Files\Morpheus Ultra\Morpheus.exe:*:Enabled:M5Shell"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\nanoCom Corporation\iSpQ VideoChat\iSpQVideoChat72.exe"="C:\Program Files\nanoCom Corporation\iSpQ VideoChat\iSpQVideoChat72.exe:*:Enabled:iSpQ VideoChat"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Online TV Player\TVPlayer.exe"="C:\Program Files\Online TV Player\TVPlayer.exe:*:Enabled:TVPlayer"
"C:\Program Files\Paltalk Messenger\paltalk.exe"="C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:Paltalk Messenger 8.2"
"C:\Program Files\Paltalk Messenger\paltalk7.exe"="C:\Program Files\Paltalk Messenger\paltalk7.exe:*:Enabled:Paltalk Messenger 7.0"
"C:\Program Files\PC-Telephone\PCTel.exe"="C:\Program Files\PC-Telephone\PCTel.exe:*:Enabled:PC-Telephone Executable"
"C:\Program Files\ProxyWay\proxyway.exe"="C:\Program Files\ProxyWay\proxyway.exe:*:Enabled:proxyway"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\SmartFTP Client\SmartFTP.exe"="C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek Client"
"C:\Program Files\Super Internet TV\OnlineTV.exe"="C:\Program Files\Super Internet TV\OnlineTV.exe:*:Enabled:Super Internet TV"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\Program Files\Valve\Half-Life 2\hl2.exe"="C:\Program Files\Valve\Half-Life 2\hl2.exe:*:Disabled:hl2"
"C:\Program Files\Valve\Steam\Steam.exe"="C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\World of Warcraft\WoW-1.2.0-Patch-enGB-Downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.2.0-Patch-enGB-Downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:YServer Module"
"C:\Program Files\Yak Community Client\YakCommunityClient.exe"="C:\Program Files\Yak Community Client\YakCommunityClient.exe:*:Enabled:Yak Community Client"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"F:\Program Files\AIM95\aim.exe"="F:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"
"F:\Program Files\Freeform Interactive\Purge\PurgeServ.exe"="F:\Program Files\Freeform Interactive\Purge\PurgeServ.exe:*:Disabled:Purge Dedicated Server"
"F:\WINDOWS\Desktop\Setup Files\KKND Extreme\KKND.EXE"="F:\WINDOWS\Desktop\Setup Files\KKND Extreme\KKND.EXE:*:Disabled:KKND"
"C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe"="C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service"
"F:\Program Files\IncrediMail\bin\IncMail.exe"="F:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"F:\Program Files\IncrediMail\bin\IMApp.exe"="F:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
"F:\Program Files\IncrediMail\bin\ImpCnt.exe"="F:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Tencent\QQ Games\QQGames.exe"="C:\Program Files\Tencent\QQ Games\QQGames.exe:*:Enabled:QQ Games"
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Troy\Desktop\Programs to setup\Program Files\AIM95\aim.exe"="C:\Documents and Settings\Troy\Desktop\Programs to setup\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\FlashFXP\flashfxp.exe"="C:\Program Files\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\FlashFXP 3.4\FlashFXP.exe"="C:\Program Files\FlashFXP 3.4\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"F:\Program Files\AIM95\aim.exe"="F:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9fc0394-b7da-11dd-bb29-00038a000015}]
shell\AutoRun\command - J:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2010-05-06 21:29:07 ----D---- C:\Program Files\trend micro
2010-05-06 21:29:04 ----D---- C:\rsit
2010-05-04 10:21:16 ----A---- C:\WINDOWS\ntbtlog.txt
2010-05-03 22:09:53 ----D---- C:\sscfg.sys123
2010-04-29 13:56:05 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-04-29 13:55:58 ----D---- C:\Program Files\Common Files\Java
2010-04-29 13:54:39 ----A---- C:\WINDOWS\system32\javaws.exe
2010-04-29 13:54:39 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-04-29 13:54:38 ----A---- C:\WINDOWS\system32\javaw.exe
2010-04-29 13:54:38 ----A---- C:\WINDOWS\system32\java.exe
2010-04-29 13:53:47 ----D---- C:\Program Files\Java
2010-04-29 13:53:09 ----D---- C:\Documents and Settings\Troy\Application Data\Sun
2010-04-29 13:24:01 ----SHD---- C:\Config.Msi
2010-04-28 20:45:11 ----D---- C:\WINDOWS\ERUNT
2010-04-28 17:49:01 ----A---- C:\WINDOWS\Partizan.txt
2010-04-28 09:54:01 ----D---- C:\Documents and Settings\All Users\Application Data\Hitman Pro
2010-04-28 09:53:46 ----D---- C:\Program Files\Hitman Pro 3.5
2010-04-28 05:39:20 ----A---- C:\WINDOWS\system32\Partizan.exe
2010-04-28 05:10:48 ----D---- C:\SDFix
2010-04-27 20:36:03 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-27 20:35:30 ----D---- C:\Program Files\SUPERAntiSpyware
2010-04-27 20:35:30 ----D---- C:\Documents and Settings\Troy\Application Data\SUPERAntiSpyware.com
2010-04-27 02:07:43 ----D---- C:\Program Files\Universal Shield 4.3.1
2010-04-26 03:39:07 ----D---- C:\Program Files\Hotspot Shield
2010-04-26 00:20:14 ----HD---- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-04-26 00:07:08 ----D---- C:\Program Files\Desktop Sidebar
2010-04-26 00:02:53 ----D---- C:\Program Files\Bonjour
2010-04-25 21:45:58 ----D---- C:\Program Files\Common Files\PC Tools
2010-04-25 21:45:55 ----D---- C:\Program Files\Spyware Doctor
2010-04-25 21:43:39 ----D---- C:\WINDOWS\ERDNT
2010-04-25 20:26:20 ----D---- C:\Program Files\SpywareBlaster
2010-04-25 18:04:48 ----DC---- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}(2)
2010-04-22 06:17:51 ----D---- C:\Program Files\The Misadventures Of P.B. Winterbottom
2010-04-21 06:00:30 ----D---- C:\Program Files\Pop Cap
2010-04-21 01:24:45 ----D---- C:\Program Files\HipSoft
2010-04-16 01:19:59 ----A---- C:\WINDOWS\system32\PARTIZAN.TXT
2010-04-15 06:51:31 ----RASHOT---- C:\WINDOWS\winstart.bat
2010-04-15 06:45:03 ----D---- C:\Program Files\UnHackMe
2010-04-14 14:03:48 ----D---- C:\Documents and Settings\All Users\Application Data\InterVideo
2010-04-14 05:56:44 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2010-04-14 05:56:40 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2010-04-14 05:56:40 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2010-04-14 05:56:38 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2010-04-14 05:56:36 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2010-04-14 05:56:34 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2010-04-14 05:56:34 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2010-04-14 05:56:31 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2010-04-14 05:56:29 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2010-04-14 05:56:29 ----A---- C:\WINDOWS\system32\x3daudio1_2.dll
2010-04-14 05:56:27 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2010-04-14 05:56:27 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2010-04-14 05:56:25 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2010-04-14 05:56:23 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2010-04-14 05:56:21 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2010-04-14 05:56:18 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2010-04-14 05:56:18 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2010-04-14 05:56:16 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2010-04-14 05:56:10 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2010-04-14 05:56:09 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2010-04-14 05:56:09 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2010-04-14 05:56:08 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2010-04-14 05:56:08 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2010-04-14 05:56:08 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2010-04-14 05:56:07 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2010-04-14 05:56:07 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2010-04-14 05:56:06 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2010-04-14 05:56:06 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2010-04-14 05:56:06 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2010-04-14 05:55:52 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2010-04-14 05:55:51 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2010-04-14 05:55:51 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2010-04-14 05:55:49 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2010-04-14 05:55:49 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2010-04-14 05:55:48 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2010-04-14 05:55:44 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2010-04-14 05:55:43 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2010-04-14 05:55:43 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2010-04-14 05:55:42 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2010-04-14 02:01:06 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-04-14 01:18:14 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 01:17:50 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 01:09:27 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 01:09:12 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 01:08:51 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 01:08:12 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$

======List of files/folders modified in the last 1 months======

2010-05-06 21:30:15 ----D---- C:\WINDOWS\Temp
2010-05-06 21:29:44 ----D---- C:\WINDOWS\Prefetch
2010-05-06 21:29:07 ----D---- C:\Program Files
2010-05-06 13:14:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-05 23:57:47 ----D---- C:\WINDOWS\Internet Logs
2010-05-05 11:28:21 ----D---- C:\Documents and Settings\Troy\Application Data\ContentGuard
2010-05-04 12:28:33 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-04 10:46:31 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-04 10:21:16 ----D---- C:\WINDOWS
2010-05-04 09:59:59 ----D---- C:\Program Files\CCleaner
2010-05-03 21:39:34 ----D---- C:\WINDOWS\system32
2010-05-02 18:50:35 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-05-02 09:01:32 ----D---- C:\Program Files\Common Files\Adobe
2010-04-30 04:21:08 ----D---- C:\Documents and Settings\All Users\Application Data\AutoHideIP
2010-04-30 04:08:00 ----HD---- C:\WINDOWS\system32\drivers
2010-04-30 00:38:22 ----SHD---- C:\System Volume Information
2010-04-30 00:38:22 ----D---- C:\WINDOWS\system32\Restore
2010-04-29 23:20:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-29 15:48:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-29 14:47:02 ----SH---- C:\boot.ini
2010-04-29 14:47:02 ----A---- C:\WINDOWS\win.ini
2010-04-29 14:47:02 ----A---- C:\WINDOWS\system.ini
2010-04-29 13:56:04 ----SHD---- C:\WINDOWS\Installer
2010-04-29 13:55:58 ----D---- C:\Program Files\Common Files
2010-04-29 13:50:53 ----D---- C:\Program Files\Adobe
2010-04-29 13:28:47 ----D---- C:\WINDOWS\WinSxS
2010-04-28 11:36:31 ----D---- C:\Program Files\Games
2010-04-28 11:24:37 ----D---- C:\Documents and Settings\All Users\Application Data\DeskShare
2010-04-28 09:49:31 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2010-04-28 06:35:25 ----D---- C:\Program Files\Internet Explorer
2010-04-28 06:27:21 ----D---- C:\Program Files\IDA
2010-04-28 06:17:17 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2010-04-28 06:00:35 ----A---- C:\WINDOWS\system32\xpji52vg.bat
2010-04-28 05:27:16 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-04-28 05:27:11 ----D---- C:\Program Files\ESET
2010-04-27 22:46:37 ----D---- C:\Program Files\Registry Workshop
2010-04-27 21:40:40 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2010-04-27 21:40:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2010-04-27 20:34:47 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-04-27 18:31:55 ----D---- C:\WINDOWS\security
2010-04-26 22:04:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2010-04-26 09:46:22 ----D---- C:\WINDOWS\Debug
2010-04-26 09:46:20 ----D---- C:\WINDOWS\Minidump
2010-04-26 07:21:57 ----D---- C:\Program Files\ATI Technologies
2010-04-26 04:37:45 ----HD---- C:\WINDOWS\inf
2010-04-26 03:47:51 ----D---- C:\WINDOWS\system32\config
2010-04-26 03:44:04 ----D---- C:\WINDOWS\system32\wbem
2010-04-26 03:44:01 ----D---- C:\WINDOWS\Registration
2010-04-26 02:34:02 ----D---- C:\Documents and Settings\Troy\Application Data\Disney Interactive Studios
2010-04-26 02:32:18 ----D---- C:\WINDOWS\system
2010-04-26 02:32:17 ----HD---- C:\WINDOWS\msdownld.tmp
2010-04-26 02:32:17 ----D---- C:\WINDOWS\system32\DirectX
2010-04-26 00:22:14 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-04-26 00:21:51 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-04-26 00:20:55 ----D---- C:\Program Files\Lavasoft
2010-04-26 00:02:28 ----D---- C:\Program Files\Slingo Supreme
2010-04-25 22:48:30 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-04-25 20:33:10 ----SD---- C:\WINDOWS\Tasks
2010-04-21 04:09:04 ----D---- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2010-04-18 06:17:57 ----D---- C:\Program Files\PeerBlock
2010-04-17 22:29:39 ----D---- C:\Program Files\PeerGuardian2
2010-04-14 11:26:49 ----D---- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2010-04-14 11:26:48 ----D---- C:\Program Files\Corel
2010-04-14 11:11:45 ----D---- C:\Program Files\Common Files\Ulead Systems
2010-04-14 05:56:05 ----RSD---- C:\WINDOWS\assembly
2010-04-14 01:58:22 ----D---- C:\Program Files\Zinio
2010-04-14 01:18:07 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-14 01:08:35 ----D---- C:\WINDOWS\ie8updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 c2scsi;c2scsi; C:\WINDOWS\system32\drivers\c2scsi.sys [2007-08-30 244608]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2009-08-03 15424]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 US30Sys;US30Sys; C:\WINDOWS\System32\Drivers\US30XP.sys [2009-10-13 71168]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2009-08-03 512096]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\Wibukey.sys [2001-12-27 67072]
R2 windrvNT;windrvNT; \??\C:\WINDOWS\system32\windrvNT.sys []
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB); C:\WINDOWS\system32\DRIVERS\A3AB.sys [2007-05-23 547744]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-12-11 4525056]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-08-31 20480]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2005-08-31 20480]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-07-29 11988]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-07-22 26112]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2005-07-22 68864]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-02-03 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-09-03 9856]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-02-28 545024]
R3 SndTAudio;SndTAudio; C:\WINDOWS\system32\drivers\SndTAudio.sys [2009-05-06 23096]
R3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2009-01-23 37664]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-07-29 23000]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 dlttape;dlttape; C:\WINDOWS\system32\DRIVERS\dlttape.sys [2008-04-13 8320]
S3 E1000;Intel® PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2005-06-29 163840]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
S3 icsak;icsak; \??\C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys []
S3 KProcWatch;KProcWatch; \??\C:\WINDOWS\system32\drivers\KProcWatch.sys []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\System32\Drivers\L8042Kbd.sys [2006-03-28 13568]
S3 L8042mou;L8042mou; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-02-29 63120]
S3 LHidFilt;LHidFilt; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
S3 LMouFilt;LMouFilt; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
S3 LUsbFilt;LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2009-06-17 28560]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 23680]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 P1001VID;Creative WebCam (WDM); C:\WINDOWS\system32\DRIVERS\P1001Vid.sys [2002-01-29 395224]
S3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2009\WNt500x86\Sandra.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 SynasUSB;SynasUSB; C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-11-23 18432]
S3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2008-08-11 57328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-12-11 602112]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-04-06 110592]
R2 IswSvc;ForceField IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2008-07-24 195832]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2009-08-03 552064]
R2 omniserv;Softex OmniPass Service; C:\Program Files\Softex\OmniPass\Omniserv.exe [2004-08-20 68704]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-08-27 65536]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-06-02 593920]
S2 CSIScanner;CSIScanner; C:\Program Files\PrevxCSI\prevxcsi.exe /service []
S2 HDD & SSD access service;HDD & SSD access service; C:\Program Files\Common Files\BinarySense\disksvc.exe [2009-08-13 205976]
S2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2009\RpcAgentSrv.exe [2008-09-01 98488]
S3 SMServer;SMServer; C:\WINDOWS\system32\snmvtsvc.exe [2009-05-06 249856]
S4 ADVService;Amazon Unbox Video Service; C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [2009-04-10 25640]
S4 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 CSHelper;CopySafe Helper Service; C:\WINDOWS\system32\CSHelper.exe [2009-04-25 266240]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-12 651720]
S4 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-17 135664]
S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-17 182768]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-29 153376]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-10-18 1170768]
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-12-15 66872]
S4 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-12-15 107832]
S4 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
S4 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11; C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [2008-08-14 313840]
S4 Roxio Upnp Server 11;Roxio Upnp Server 11; C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe [2008-08-14 367088]
S4 RoxLiveShare;LiveShare P2P Server; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe [2005-10-21 229376]
S4 RoxLiveShare11;LiveShare P2P Server 11; C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [2008-08-14 309744]
S4 RoxMediaDB;RoxMediaDB; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe [2005-10-21 864256]
S4 RoxMediaDB11;RoxMediaDB11; C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [2008-08-14 1124848]
S4 RoxUPnPRenderer;RoxUpnpRenderer; C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe [2005-10-21 45056]
S4 RoxUpnpServer;RoxUpnpServer; C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe [2005-10-21 405504]
S4 RoxWatch;Roxio Hard Drive Watcher; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe [2005-10-21 155648]
S4 RoxWatch11;Roxio Hard Drive Watcher 11; C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [2008-08-14 170480]
S4 Stuffit Archive Name Service;Stuffit Archive Name Service; C:\Program Files\Smith Micro\StuffIt 2009\ArcNameService.exe [2008-12-19 199000]
S4 SureThing Labelflash service;SureThing Labelflash service; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2009-01-29 74392]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------


RSIT Info:

info.txt logfile of random's system information tool 1.06 2010-05-06 21:30:24

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {7B91CBFD-0671-4819-9724-CABE3014E886}
-->C:\WINDOWS\WEBDELC.EXE -[WebCam Control
-->C:\WINDOWS\WEBDELC.EXE -[WebCam Monitor
-->MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
-->MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1.2.102-->"C:\Program Files\MindHabits\Trainer\unins000.exe"
12AquariumRealLife12_D-->"C:\Aquarium Real Life 12\uninstall 12Aquari.exe"
13AquariumRealLife13_D-->"C:\Aquarium Real Life 13\uninstall 13Aquari.exe"
3 Days - Zoo Mystery 1.00-->C:\Program Files\Games\3 Days - Zoo Mystery\Uninstall.exe
3D Bungalow Aquarium Screensaver 1.1-->"C:\Program Files\Astro Gemini Software\3D Bungalow Aquarium Screensaver\unins000.exe"
3D Crazy Mechanic Clock 2.2-->"C:\Program Files\CSMechClock\unins000.exe"
3D Galaxy Journey Screensaver-->"C:\Program Files\3Deep Space\3D Galaxy Journey Screensaver\unins000.exe"
3D Interstellar Voyager-->"C:\Program Files\3Deep Space\3D Interstellar Voyager Screensaver\unins000.exe"
3D Solar System Screensaver-->"C:\Program Files\3Deep Space\3D Solar System Screensaver\unins000.exe"
3D Solar Traveler-->"C:\Program Files\3Deep Space\3D Solar Traveler Screensaver\unins000.exe"
3D Supernova Screensaver-->"C:\Program Files\3Deep Space\3D Supernova Screensaver\unins000.exe"
3D Wild Dolphin Screensaver 1.0-->"C:\Program Files\Astro Gemini Software\3D Wild Dolphin Screensaver\unins000.exe"
3DGreetings Personal Edition-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3DGreetings Personal Edition\Uninst.isu"
3Planesoft Screensaver Manager 1.1-->"C:\Program Files\3Planesoft Screensaver Manager\unins000.exe"
3Tones-->"C:\WINDOWS\3Tones\uninstall.exe" "/U:C:\Program Files\3Tones\Uninstall\uninstall.xml"
4 Elements-->"C:\Program Files\4 Elements\ReflexiveArcade\unins000.exe"
4 Elements-->"C:\Program Files\4 Elements\Uninstall.exe"
4Media HD Video Converter-->C:\Program Files\4Media\HD Video Converter\Uninstall.exe
7AquariumRealLife7Demo-->"C:\Aquarium Real Life 7\uninstall 7Aquariu.exe"
A Fairy Tale-->C:\Program Files\A Fairy Tale\Uninstal.exe
A Vampyre Story 1.00-->C:\Program Files\Games\A Vampyre Story\Uninstall.exe
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Media Player-->msiexec /qb /x {1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Media Player-->MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Affair Bureau 1.00-->C:\Program Files\Games\Affair Bureau\Uninstall.exe
AIM 6-->C:\Program Files\AIM6\uninst.exe
Aim Plugin for QQ Games-->C:\Program Files\Tencent\QQ Games\Plugin\Uninstall.EXE
Aimersoft WMV Movie Converter(Build 1.0.23)-->"C:\Program Files\Aimersoft\WMV Movie Converter\unins000.exe"
AIMTunes-->C:\Program Files\AIMTunes\Uninstall.exe
AirPlus G-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2B7E4354-0492-460A-BDB1-1F59EE141025}
Alex Gordon-->C:\Program Files\Alawar\AlexGordon\Uninstall.exe
Alive YouTube Video Converter (version 2.1.0.9)-->"C:\Program Files\AliveMedia\YouTube Video Converter\unins000.exe"
Allway Sync version 8.2.1-->"C:\Program Files\Allway Sync\unins000.exe"
Amazon Unbox Video-->C:\Program Files\InstallShield Installation Information\{54A4839E-87F8-4BD1-9682-A349E9943F0A}\setup.exe -runfromtemp -l0x0409
Ancient Castle 3D Screensaver 1.1-->"C:\Program Files\Ancient Castle 3D Screensaver\unins000.exe"
Animation Workshop-->C:\WINDOWS\ALCHUNIN.EXE C:\Program Files\Alchemy Mindworks\Animation Workshop\INSTALLD.TXT
Ankh - Heart of Osiris-->"C:\Program Files\Xider\Ankh - Heart of Osiris\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Aqua Real-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E66C7FF-F827-4AEF-A998-932EA824998B}\setup.exe" -l0x9
Aquarius Soft PC Alarm Clock Professional-->"C:\Program Files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe" -r
Around the World: Rome 1.0-->"C:\Program Files\Astro Gemini Software\Around the World - Rome\unins000.exe"
Astro Gemini Screensaver Manager 2.0-->"C:\Program Files\Astro Gemini Software\Screensaver Manager\unins000.exe"
ATI AVIVO Codecs-->MsiExec.exe /I{0E71E901-F276-7025-4317-E086EEA7C4B3}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
Atlantis 3D Screensaver 1.0-->"C:\Program Files\Astro Gemini Software\Atlantis 3D Screensaver\unins000.exe"
Auto Hide IP-->"C:\Program Files\AutoHideIP\uninst.exe"
AVIConverter 5.1.0-->C:\Program Files\AVIConverter\uninst.exe
AVS Audio Converter version 5.1-->"C:\Program Files\AVS4YOU\AVSAudioConverter\unins000.exe"
AVS Audio Tools version 3.6.1-->"C:\Program Files\AVSMedia\AudioTools\unins000.exe"
AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManger\unins000.exe"
AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Beachhead 2000-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Beachhead 2000\Uninst.isu"
Best Buy Digital Music Store-->C:\PROGRA~1\BESTBU~1\Unwise32.exe /A C:\PROGRA~1\BESTBU~1\INSTALL.LOG
Blue Squirrel ClickBook 12-->"C:\Program Files\Blue Squirrel\ClickBook\unins000.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broken Hearts. A Soldier's Duty Final-->C:\Program Files\Big Fish Games\Broken Hearts. A Soldier's Duty\Uninstall.exe
BusinessCardsMX 3.98-->"C:\Program Files\MOJOSOFT\BusinessCardsMX3\unins000.exe"
Call of Duty® - World at War™-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0409
CapTrue-->C:\Program Files\CapTrue\uninstall.exe
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Christmas 3D Screensaver 1.0-->"C:\Program Files\Christmas 3D Screensaver\unins000.exe"
Clock Tower 3D Screensaver 1.1-->"C:\Program Files\Clock Tower 3D Screensaver\unins000.exe"
CloneDVD 4.3.0.2-->"C:\Program Files\CloneDVD\unins000.exe"
CoffeeCup Shopping Cart Creator After Twilight Pack-->C:\Program Files\CoffeeCup Software\CoffeeCup ShoppingCart\templatesaftertwilightpack\uninstall.exe
CoffeeCup Shopping Cart Creator Bright Side Pack-->C:\Program Files\CoffeeCup Software\CoffeeCup ShoppingCart\templatesbrightsidepack\uninstall.exe
CoffeeCup Shopping Cart Creator Google Checkout Activation-->C:\Program Files\CoffeeCup Software\CoffeeCup ShoppingCart\gcuninstaller\uninstall.exe
CoffeeCup Shopping Cart Creator Sophistication Pack-->C:\Program Files\CoffeeCup Software\CoffeeCup ShoppingCart\templatessophisticationpack\uninstall.exe
CoffeeCup Shopping Cart Creator-->C:\Program Files\CoffeeCup Software\CoffeeCup ShoppingCart\uninstall.exe
Coral Clock 3D Screensaver 1.0-->"C:\Program Files\Coral Clock 3D Screensaver\unins000.exe"
Corel PaintShop Photo Pro X3-->c:\Program Files\Corel\Corel PaintShop Photo Pro\X3\Setup\{D1AEB5DB-04FA-489D-94EF-8600898B93EE}\SetupARP.exe /arp
CraigsPalFree version 3.24-->"C:\Program Files\CraigsPalFree\unins000.exe"
Creative WebCam Control-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\WebCam Control\DeIsL1.isu"
Creative WebCam Driver-->C:\WINDOWS\CtDrvIns.exe -uninstall USB\VID_041E&PID_400D -plugin P1001Pin.dll -pluginres P1001Pin.crl
Creative WebCam Manual (English)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Manual\English\CTManual.isu"
Creative WebCam Monitor-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\WebCam Monitor\DeIsL1.isu"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Crystal Cave Classic 1.0-->C:\Program Files\Crystal Cave Classic\uninst.exe
Cubis Gold 2-->"C:\Program Files\Cubis Gold 2\ReflexiveArcade\unins000.exe"
CyberScrub® Privacy Suite™ 5.1-->"C:\Program Files\CyberScrub Privacy Suite\unins000.exe"
Daniusoft Media Converter Pro(Build 2.4.1.1)-->"C:\Program Files\Daniusoft\Media Converter Pro\unins000.exe"
DataPilot-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}
Discovery 3D Screensaver 1.1-->"C:\Program Files\Discovery 3D Screensaver\unins000.exe"
Dream Chronicles - The Chosen Child Deluxe-->"C:\Program Files\Zylom Games\Dream Chronicles - The Chosen Child Deluxe\GameInstlr.exe" --uninstall UnInstall.log
Dream Pinball 3D-->C:\PROGRA~1\TopWare\DREAMP~1\Unwise.exe /U C:\PROGRA~1\TopWare\DREAMP~1\install.log
DreamLight Photo Editor 2.7-->"C:\Program Files\DreamLight Photo Editor\unins000.exe"
DriverAgent by eSupport.com-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
Earth 3D Space Tour screensaver v1.1-->"C:\Program Files\3D Space Tour\Earth 3D\unins000.exe"
Elements-->C:\Program Files\MumboJumbo\Elements\uninstall.exe Elements
EMC 11 Content-->MsiExec.exe /X{21ABEA96-CCAB-4C40-8699-6BDFEC5FD63C}
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
Escape Rosecliff Island v1.0.0.2 (03132009)-->C:\PROGRA~1\POPCAP~1\ESCAPE~1\UNWISE.EXE C:\PROGRA~1\POPCAP~1\ESCAPE~1\INSTALL.LOG
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
EVEREST Ultimate Edition v5.00-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
eXtreme Movie Manager 6.6.2.0 - Full Install!-->"C:\Program Files\eXtreme Movie Manager\unins000.exe"
Fantasy Moon 3D Screensaver 1.3-->"C:\Program Files\Fantasy Moon 3D Screensaver\unins000.exe"
File Recover 7.0-->"C:\Program Files\File Recover\unins000.exe"
File Shredder 2.0-->"C:\Program Files\File Shredder\unins000.exe"
Fish Aquarium 3D Screensaver 1.2-->"C:\Program Files\Astro Gemini Software\Fish Aquarium 3D Screensaver\unins000.exe"
Fishdom H2O: Hidden Odyssey Beta 0.9b-->"C:\Program Files\Playrix Entertainment\Fishdom H2O - Hidden Odyssey Beta\unins000.exe"
Fortop Album Creator 1.7-->"C:\Program Files\Fortop Digital Software\Fortop Album Creator\unins000.exe"
Foxit PDF Editor-->C:\Program Files\Foxit Software\PDF Editor\uninstall.exe
Galaxy 3D Space Tour screensaver v1.0-->"C:\Program Files\3D Space Tour\Galaxy 3D\unins000.exe"
Garmin POI Loader-->MsiExec.exe /X{328019A7-0012-401D-96A2-4CDDD02675A8}
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Halloween 3D Screensaver 1.1-->"C:\Program Files\Halloween 3D Screensaver\unins000.exe"
Hawaiian Explorer - Lost Island 1.0-->C:\Program Files\Games\Hawaiian Explorer - Lost Island\uninstall.exe
Hidden Expedition - Titanic Fyrrion-->C:\Program Files\Cwer\Hidden Expedition - Titanic\Uninstall.exe
Hidden Finder 1.5.5-->"C:\Program Files\HiddenFinder\unins000.exe"
HijackThis 1.99.1-->C:\Documents and Settings\Troy\Desktop\System Programs\HijackThis.exe /uninstall
Hitman Pro 3.5-->"C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /uninstall
Home Audiometer Hearing Test-->"C:\Program Files\Home Audiometer\unins000.exe"
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB939209)-->"C:\WINDOWS\$NtUninstallKB939209$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hoyle Casino 2009-->C:\Program Files\Encore\Hoyle Casino 2009\Uninstall.exe
Hoyle Casino 2010 (remove only)-->"C:\Program Files\Encore\Hoyle Casino 2010\Uninstall.exe"
Hoyle Slots 2010 (remove only)-->"C:\Program Files\Encore\Hoyle Slots 2010\Uninstall.exe"
HP StorageWorks Library and Tape Tools-->"C:\Program Files\InstallShield Installation Information\{42A6C8F8-1DB5-4A0B-8841-7423C4C5BC54}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP StorageWorks Library and Tape Tools-->MsiExec.exe /I{42A6C8F8-1DB5-4A0B-8841-7423C4C5BC54}
Iconoid Version 3.8.5-->"C:\Program Files\Iconoid\unins000.exe"
IE7Pro-->C:\Program Files\IEPro\uninst.exe
ImTOO Download YouTube Video-->C:\Program Files\ImTOO\Download YouTube Video\Uninstall.exe
IncrediMail-->C:\PROGRA~1\INCRED~1\UNWISE.EXE C:\PROGRA~1\INCRED~1\INCMAIL.LOG
Infinite Patience v2.2-->"C:\WINDOWS\UNISTB32.EXE" /U "C:\Games\Patience\UNINST0.000" "C:\Games\Patience\UNINST1.000"
Insider Tales The Stolen Venus 1.00-->C:\Program Files\Games\Insider Tales The Stolen Venus\Uninstall.exe
Intel® PRO Network Connections Drivers-->Prounstl.exe
Java™ 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
K-Lite Mega Codec Pack 4.2.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
KMA-->C:\EBook\Uninstall KMA.exe
Learn to Speak Spanish Essentials 9-->C:\PROGRA~1\THELEA~1\LEARNT~1\UNWISE.EXE C:\PROGRA~1\THELEA~1\LEARNT~1\INSTALL.LOG
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Life Photo Maker-->"C:\Program Files\LifePhotoMaker\Uninstall.exe"
Lighthouse 3D Screensaver 1.2-->"C:\Program Files\Astro Gemini Software\Lighthouse 3D Screensaver\unins000.exe"
Liong: The Lost Amulets-->"C:\Program Files\Liong - The Lost Amulets\Uninstall.exe"
Logitech SetPoint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Lost in Reefs-->"C:\WINDOWS\Lost in Reefs\uninstall.exe" "/U:C:\Program Files\Lost in Reefs\Uninstall\uninstall.xml"
Machinarium-->C:\Program Files\Machinarium\uninst.exe
Madballs in Babo Invasion-->"C:\Program Files\Playbrains\Madballs in Babo Invasion\unins000.exe"
Magic Ball 4-->C:\Program Files\Alawar\MagicBall4\Uninstall.exe
Magic ISO Maker v5.5 (build 0265)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mars 3D Space Tour screensaver v1.1-->"C:\Program Files\3D Space Tour\Mars 3D\unins000.exe"
Match-Up!-->MsiExec.exe /I{439800C9-FD42-4EA3-94D2-063DF0926873}
Mechanical Clock 3D Screensaver 1.0-->"C:\Program Files\Mechanical Clock 3D Screensaver\unins000.exe"
MediaMonkey 3.1-->"C:\Program Files\MediaMonkey\unins000.exe"
Memento Mori-->C:\Program Files\Memento Mori\Uninstall.exe
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Research AutoCollage 2008 version 1.1-->MsiExec.exe /I{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Millionaires Club-->C:\Program Files\InstallShield Installation Information\{3806792C-0E0E-45B6-BFA9-149E94C2CCF9}\setup.exe -runfromtemp -l0x0009 -removeonly
mIRC-->"d:\backup hard drive files\dir00002\mirc\mirc32.exe" -uninstall
Monopoly-->MsiExec.exe /I{040F8F72-65AC-4EDF-80EC-2FADE3DC8827}
Mozilla Firefox (3.0.15)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mr Bean-->MsiExec.exe /I{4982DB53-198D-4636-A59A-A4F8B46CD5F9}
National Geographic - Herod's Lost Tomb-->"C:\Program Files\WildGames\National Geographic - Herod's Lost Tomb\unins000.exe"
Natura Sound Therapy-->C:\WINDOWS\Natura Sound Therapy Uninstaller.exe
Nature 3D Screensaver 1.1-->"C:\Program Files\Nature 3D Screensaver\unins000.exe"
Nature Illusion Studio-->"C:\Program Files\Nufsoft\NatureStudio\Uninstall.exe"
Nautilus 3D Screensaver 1.2-->"C:\Program Files\Nautilus 3D Screensaver\unins000.exe"
Neptunia-->"C:\Program Files\Neptunia\ReflexiveArcade\unins000.exe"
Night City 3D Screensaver 1.0-->"C:\Program Files\Astro Gemini Software\Night City 3D Screensaver\unins000.exe"
NOD32 antivirus system-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Opera 10.10-->MsiExec.exe /X{21199F32-B676-4FE2-A443-EF7DB6B8FD4F}
PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x9
PE Explorer 1.99 R4-->"C:\Program Files\PE Explorer\unins000.exe"
PeerBlock 1.0+ (r277)-->"C:\Program Files\PeerBlock\unins000.exe"
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
Peggle Deluxe 1.0-->C:\Program Files\PopCap Games\Peggle Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Peggle Deluxe\Install.log"
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Pirate Ship 3D Screensaver 1.2-->"C:\Program Files\Astro Gemini Software\Pirate Ship 3D Screensaver\unins000.exe"
Pirates of the Caribbean - At Worlds End-->C:\Program Files\InstallShield Installation Information\{01CBFCE7-95AD-40F3-BC63-C46EFB2FC9C4}\setup.exe -runfromtemp -l0x0009 Pirates of the Caribbean - At Worlds End -removeonly
Pixelus Deluxe-->"C:\Program Files\Zylom Games\Pixelus Deluxe\GameInstaller.exe" --uninstall UnInstall.log
Planet Earth 3D Screensaver 1.1-->"C:\Program Files\Planet Earth 3D Screensaver\unins000.exe"
Prototype™-->C:\Program Files\InstallShield Installation Information\{9322A850-9091-4D0E-B252-3E82EDA3D94A}\setup.exe -runfromtemp -l0x0409
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QQ BlackJack-->C:\Program Files\Tencent\QQ Games\QQ BlackJack\Uninstall.EXE
QQ Bubble Arena-->C:\Program Files\Tencent\QQ Games\QQ Bubble Arena\Uninstall.EXE
QQ Games-->C:\Program Files\Tencent\QQ Games\Uninstall.EXE
QQ Pool-->C:\Program Files\Tencent\QQ Games\QQ Pool\Uninstall.EXE
QQ Robo-->C:\Program Files\Tencent\QQ Games\QQ Robo\Uninstall.EXE
QQ Treasure Hunter-->C:\Program Files\Tencent\QQ Games\QQ Treasure Hunter\Uninstall.EXE
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
RarmaRadio 2.29-->"C:\Program Files\RarmaRadio\unins000.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Workshop-->"C:\Program Files\Registry Workshop\uninstall.exe"
RegRun Reanimator-->"C:\Program Files\UnHackMe\unins001.exe"
Replay Media Catcher 3.01-->"C:\WINDOWS\Replay Media Catcher\uninstall.exe" "/U:C:\Program Files\Replay Media Catcher\Uninstall\uninstall.xml"
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Ricochet Xtreme-->"C:\Program Files\Zylom Games\Ricochet Xtreme\GameInstaller.exe" --uninstall UnInstall.log
Roxio Activation Module-->MsiExec.exe /I{1D53B6F9-E66E-42D8-A221-4FF8AC134FD7}
Roxio Creator 2009-->MsiExec.exe /I{3383136B-4F86-4F05-8612-DD4BB16A1EAE}
Roxio High-Def/Blu-ray Disc Plug-In-->C:\Documents and Settings\All Users\Application Data\Uninstall\{0C6FFD51-E507-4A29-8B25-4C1AF2796BA0}\setup.exe /x {0C6FFD51-E507-4A29-8B25-4C1AF2796BA0}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Satellite TV for PC-->"C:\Program Files\PC Satellite TV\unins000.exe"
Section 8-->"C:\Program Files\SouthPeak Games\Section 8\unins000.exe"
Security Task Manager 1.7f-->C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Severance (remove only)-->"C:\Program Files\Codemasters\Severance\Uninstall.exe"
ShadowCopy-->"C:\Program Files\Runtime Software\ShadowCopy\Uninstall.exe" "C:\Program Files\Runtime Software\ShadowCopy\install.log" -u
SILENT HILL 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{00BD992A-D4C7-447D-8AA1-60B5759EA30D}\setup.exe" -l0x9
Slingo Supreme 1.0.0.103-->C:\Program Files\Slingo Supreme\Uninstall.exe
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Snowflakes (plug-in)-->C:\WINDOWS\Snowflakes (plug-in) Uninstaller.exe
Solar System 3D Screensaver 1.4-->"C:\Program Files\Astro Gemini Software\Solar System 3D Screensaver\unins000.exe"
SolSuite 2009 v9.2-->"C:\Program Files\SolSuite\unins000.exe"
SolSuite Graphics Pack Volume 1 - v1.22-->"C:\Program Files\SolSuite\unins001.exe"
SolSuite Graphics Pack Volume 2 - v2.15-->"C:\Program Files\SolSuite\unins002.exe"
SoundTaxi 3.8.3-->"C:\Program Files\SoundTaxi\unins000.exe"
Space Tunnels 3D Screensaver 1.0-->"C:\Program Files\Astro Gemini Software\Space Tunnels 3D Screensaver\unins000.exe"
SpywareBlaster 4.3-->"C:\Program Files\SpywareBlaster\unins000.exe"
Star Wars 3D Screensaver 1.3-->"C:\Program Files\Astro Gemini Software\Star Wars 3D Screensaver\unins000.exe"
SurfOffline (remove only)-->"C:\Program Files\SurfOffline\uninstall.exe"
Syncrosoft License Control-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
The Conjurer 1.00-->C:\Program Files\Games\The Conjurer\Uninstall.exe
The Lost Watch 3D Screensaver 1.0-->"C:\Program Files\The Lost Watch 3D Screensaver\unins000.exe"
Torchlight-->C:\Program Files\Runic Games\Torchlight\uninstall.exe
Treasure Vault 3D Screensaver 2.0-->"C:\Program Files\Astro Gemini Software\Treasure Vault 3D Screensaver\unins000.exe"
Tropical Fish 3D Screensaver 1.1-->"C:\Program Files\Tropical Fish 3D Screensaver\unins000.exe"
Twin Sector-->"C:\Program Files\Headup Games\Twin Sector\unins000.exe"
UharcGui-->C:\WINDOWS\unvise32.exe C:\Program Files\uharcgui\uninstal.log
UltimateDefrag 2008-->C:\Program Files\DiskTrix\UltimateDefrag2008\Uninstall.EXE /u:"UltimateDefrag 2008"
UltraISO Premium V9.31-->"C:\Program Files\UltraISO\unins000.exe"
UnHackMe 5.80 release-->"C:\Program Files\UnHackMe\unins000.exe"
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB978506)-->"C:\WINDOWS\ie8updates\KB978506-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
USB-IrDA Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}\SETUP.EXE" -l0x9
Valentine 3D Screensaver 1.0-->"C:\Program Files\Valentine 3D Screensaver\unins000.exe"
VidaOne Diet and Fitness-->MsiExec.exe /I{3DCA4A11-C43E-433C-99B4-7E0359524E3A}
Virtual Earth 3D (Beta)-->MsiExec.exe /I{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}
Virtual Plastic Surgery Software - VPSS v1.0-->"C:\Program Files\Virtual Plastic Surgery Software\unins000.exe"
Vital Desktop Video-->"C:\Program Files\VitalDesktopVideo\unins000.exe"
VLC media player 1.0.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Wandering IPs-->"C:\Program Files\Wandering IPs\uninstall.exe"
Water Clock 3D Screensaver 1.0-->"C:\Program Files\Water Clock 3D Screensaver\unins000.exe"
Watermill 3D Screensaver 2.0-->"C:\Program Files\Watermill 3D Screensaver\unins000.exe"
WebSite Extractor-->C:\Program Files\WebSite Extractor\uninstall.exe
WebZIP-->C:\Program Files\WebZIP 7\SXUNINST.EXE
WIBU-KEY Setup (WIBU-KEY Remove)-->C:\Program Files\WIBUKEY\Setup\SETUP32.EXE /R:{00060000-0000-1004-8002-0000C06B5161}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
WinAVI Video Converter-->"C:\Program Files\WinAVI Video Converter\unins000.exe"
WindowFX-->C:\PROGRA~1\Stardock\OBJECT~1\WindowFX\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WindowFX\INSTALL.LOG
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\grmnusb_8E661E05CC789A6D1B8ABAA087CF60EDD72AC35D\grmnusb.inf
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 4.0.2-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WM Recorder-->C:\Program Files\WMR11\Uninstal.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yard Sale Hidden Treasures - Lucky Junction-->"C:\WINDOWS\Yard Sale Hidden Treasures - Lucky Junction\uninstall.exe" "/U:C:\Program Files\Yard Sale Hidden Treasures - Lucky Junction\Uninstall\uninstall.xml"
YouTube Video Downloader 2.6.2-->"C:\Program Files\Tomato\YouTube Video Downloader\unins000.exe"
Zinio Reader 4-->msiexec /qb /x {0BF16321-63EC-8ABE-8720-60A63BFF4A17}
Zinio Reader 4-->MsiExec.exe /I{0BF16321-63EC-8ABE-8720-60A63BFF4A17}
Zinio Reader-->C:\Program Files\Zinio\uninstall.exe
Zombie Shooter-->"C:\Program Files\Zombie Shooter\ReflexiveArcade\unins000.exe"
ZoneAlarm ForceField-->C:\Program Files\CheckPoint\ZAForceField\Uninstall.exe
ZoneAlarm Pro-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: ESET NOD32 antivirus system 2.70
FW: ZoneAlarm Pro Firewall

======System event log======

Computer Name: AWILDONE
Event Code: 7034
Message: The ProtexisLicensing service terminated unexpectedly. It has done this 1 time(s).

Record Number: 2258
Source Name: Service Control Manager
Time Written: 20100503212423.000000-240
Event Type: error
User:

Computer Name: AWILDONE
Event Code: 7000
Message: The MCSTRM service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 2247
Source Name: Service Control Manager
Time Written: 20100503212330.000000-240
Event Type: error
User:

Computer Name: AWILDONE
Event Code: 7000
Message: The CSIScanner service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 2246
Source Name: Service Control Manager
Time Written: 20100503212330.000000-240
Event Type: error
User:

Computer Name: AWILDONE
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{E225E692-4B47-4777-9BED-4FD7FE257F0E}

Record Number: 2231
Source Name: DCOM
Time Written: 20100503083534.000000-240
Event Type: error
User: AWILDONE\Troy

Computer Name: AWILDONE
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service gusvc with arguments ""
in order to run the server:
{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Record Number: 2230
Source Name: DCOM
Time Written: 20100503083533.000000-240
Event Type: error
User: AWILDONE\Troy

=====Application event log=====

Computer Name: AWILDONE
Event Code: 20
Message:
Record Number: 1427
Source Name: Google Update
Time Written: 20100423132538.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: AWILDONE
Event Code: 20
Message:
Record Number: 1426
Source Name: Google Update
Time Written: 20100423131405.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: AWILDONE
Event Code: 20
Message:
Record Number: 1425
Source Name: Google Update
Time Written: 20100423122538.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: AWILDONE
Event Code: 20
Message:
Record Number: 1424
Source Name: Google Update
Time Written: 20100423121405.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: AWILDONE
Event Code: 20
Message:
Record Number: 1423
Source Name: Google Update
Time Written: 20100423112537.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\CoffeeCup Software\CoffeeCup ShoppingCart;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\11.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\;c:\Program Files\Common Files\Ulead Systems\MPEG
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\Roxio Central\
"tvdumpflags"=8
"SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2009
"RCAUTOPLAY"=C:\Program Files\Roxio Creator 2009\Roxio Central 4\
"EMC_AUTOPLAY"=C:\Program Files\Common Files\Roxio Shared\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------
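
Turning the event-log section of an RSIT log like the one above into something you can triage, as an added example that is not part of the original post or of RSIT itself: it splits the Key: value records into dicts, converts the WMI-style Time Written stamps (CIM_DATETIME, yyyymmddHHMMSS.ffffff followed by the UTC offset in minutes) to UTC so they line up with other logs, and flags service-start failures. SAMPLE_LOG is copied from the posted log and trimmed; the interpretation of DCOM error %1058 as Win32 ERROR_SERVICE_DISABLED is standard Windows error numbering. One caveat: a service whose binary is missing (event 7000, "cannot find the file specified") is exactly what an uninstalled product leaves behind, and also what a removal tool leaves when it deletes a malware file but not the service entry, so compare every flagged name against the installed-programs list in the same log before treating it as a lead.

```python
# Added example: triage of the "System event log" section of an RSIT log.
# Not part of the forum post or of RSIT; SAMPLE_LOG is copied from the log above.
import re
from datetime import datetime, timedelta, timezone

SAMPLE_LOG = """\
======System event log======

Computer Name: AWILDONE
Event Code: 7034
Message: The ProtexisLicensing service terminated unexpectedly. It has done this 1 time(s).

Record Number: 2258
Source Name: Service Control Manager
Time Written: 20100503212423.000000-240
Event Type: error
User:

Computer Name: AWILDONE
Event Code: 7000
Message: The MCSTRM service failed to start due to the following error:
The system cannot find the file specified.

Record Number: 2247
Source Name: Service Control Manager
Time Written: 20100503212330.000000-240
Event Type: error
User:

Computer Name: AWILDONE
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{E225E692-4B47-4777-9BED-4FD7FE257F0E}

Record Number: 2231
Source Name: DCOM
Time Written: 20100503083534.000000-240
Event Type: error
User: AWILDONE\\Troy
"""

KEYS = ("Computer Name", "Event Code", "Message", "Record Number",
        "Source Name", "Time Written", "Event Type", "User")
KEY_RE = re.compile(r"^(%s):\s?(.*)$" % "|".join(re.escape(k) for k in KEYS))
DMTF_RE = re.compile(r"^(\d{14})\.(\d{6})([+-])(\d{3})$")   # CIM_DATETIME layout
SERVICE_RE = re.compile(r"The (\S+) service (?:failed to start|terminated unexpectedly)"
                        r"|attempting to start the service (\S+)")

def parse_records(text):
    """Split the section into one dict per record; records start at 'Computer Name:'."""
    records, rec, field = [], None, None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            if key == "Computer Name":
                rec = {}
                records.append(rec)
            if rec is not None:
                rec[key], field = value, key
        elif field == "Message" and line.strip():
            rec["Message"] += "\n" + line.strip()   # Message bodies span several lines
        else:
            field = None                            # a blank line closes the open field
    return records

def parse_dmtf(ts):
    """CIM_DATETIME -> aware datetime; the trailing UUU is the UTC offset in minutes."""
    m = DMTF_RE.match(ts)
    if not m:
        raise ValueError("not a CIM_DATETIME value: %r" % ts)
    offset = int(m.group(4)) * (1 if m.group(3) == "+" else -1)
    return datetime.strptime(m.group(1), "%Y%m%d%H%M%S").replace(
        microsecond=int(m.group(2)), tzinfo=timezone(timedelta(minutes=offset)))

def to_utc_iso(ts):
    return parse_dmtf(ts).astimezone(timezone.utc).isoformat()

def triage(records):
    """Flag SCM/DCOM failures that name a service; cross-check each against the program list."""
    findings = []
    for rec in records:
        code, msg = rec.get("Event Code"), rec.get("Message", "")
        m = SERVICE_RE.search(msg)
        if not m:
            continue
        if code == "7000" and "cannot find the" in msg:
            reason = "service binary or path missing"      # leftover entry after a deletion
        elif code == "7034":
            reason = "terminated unexpectedly"
        elif code == "10005" and "%1058" in msg:
            reason = "service disabled (Win32 error 1058, ERROR_SERVICE_DISABLED)"
        else:
            continue
        findings.append({"record": rec["Record Number"], "service": m.group(1) or m.group(2),
                         "when_utc": to_utc_iso(rec["Time Written"]), "reason": reason})
    return findings

if __name__ == "__main__":
    for finding in triage(parse_records(SAMPLE_LOG)):
        print(finding)
```

Run against the section above it reports MCSTRM (binary missing), gupdate (disabled) and ProtexisLicensing (crashed), each with its UTC time; the same parser handles the Application event log section because the record layout is identical.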

#4 AWILD1 (Topic Starter)

Posted 06 May 2010 - 09:12 PM

Mbam Log:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4073

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/6/2010 9:37:09 PM
mbam-log-2010-05-06 (21-37-09).txt

Scan type: Quick scan
Objects scanned: 147735
Time elapsed: 10 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#5 syler (Malware Response Team)

Posted 07 May 2010 - 08:58 AM

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#6 AWILD1 (Topic Starter)

Posted 07 May 2010 - 03:45 PM

Combofix log:


ComboFix 10-05-07.01 - Troy 05/07/2010 15:54:41.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1870 [GMT -4:00]
Running from: c:\documents and settings\Troy\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Troy\Application Data\chrtmp
c:\documents and settings\Troy\Application Data\file1.exe
c:\documents and settings\Troy\Application Data\inst.exe
c:\documents and settings\Troy\Application Data\PnkBstrK.sys
c:\documents and settings\Troy\Favorites\.url
c:\documents and settings\Troy\Favorites\Games.url
c:\windows\eSellerateEngine.dll
c:\windows\system32\BSTIeprintctl1.dll
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-04-07 to 2010-05-07 )))))))))))))))))))))))))))))))
.

2010-05-07 01:29 . 2010-05-07 01:30 -------- d-----w- c:\program files\trend micro
2010-05-07 01:29 . 2010-05-07 02:13 -------- d-----w- C:\rsit
2010-05-04 02:09 . 2010-05-07 01:32 -------- d-----w- C:\sscfg.sys123
2010-04-29 17:55 . 2010-04-29 17:55 -------- d-----w- c:\program files\Common Files\Java
2010-04-29 17:55 . 2010-04-29 17:55 503808 ----a-w- c:\documents and settings\Troy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-523fe4fe-n\msvcp71.dll
2010-04-29 17:55 . 2010-04-29 17:55 499712 ----a-w- c:\documents and settings\Troy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-523fe4fe-n\jmc.dll
2010-04-29 17:55 . 2010-04-29 17:55 348160 ----a-w- c:\documents and settings\Troy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-523fe4fe-n\msvcr71.dll
2010-04-29 17:55 . 2010-04-29 17:55 61440 ----a-w- c:\documents and settings\Troy\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7f3b72be-n\decora-sse.dll
2010-04-29 17:55 . 2010-04-29 17:55 12800 ----a-w- c:\documents and settings\Troy\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7f3b72be-n\decora-d3d.dll
2010-04-29 17:54 . 2010-04-29 17:53 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-29 17:53 . 2010-04-29 17:53 -------- d-----w- c:\program files\Java
2010-04-29 02:17 . 2010-04-29 02:17 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-04-29 00:45 . 2010-04-29 00:45 -------- d-----w- c:\windows\ERUNT
2010-04-28 13:56 . 2010-04-28 15:15 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-28 13:54 . 2010-04-28 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-04-28 13:53 . 2010-04-29 16:27 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-28 09:39 . 2010-04-28 09:39 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-04-28 09:39 . 2010-04-28 09:39 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-04-28 09:10 . 2010-04-29 06:42 -------- d-----w- C:\SDFix
2010-04-28 08:38 . 2010-03-23 21:34 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-04-28 00:37 . 2010-04-28 00:37 52224 ----a-w- c:\documents and settings\Troy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-28 00:37 . 2010-05-04 16:34 117760 ----a-w- c:\documents and settings\Troy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-28 00:36 . 2010-04-28 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-28 00:35 . 2010-04-29 16:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-28 00:35 . 2010-04-28 00:35 -------- d-----w- c:\documents and settings\Troy\Application Data\SUPERAntiSpyware.com
2010-04-27 06:07 . 2010-04-28 02:27 -------- d-----w- c:\program files\Universal Shield 4.3.1
2010-04-26 11:20 . 2010-04-26 11:20 10134 ----a-r- c:\documents and settings\Troy\Application Data\Microsoft\Installer\{DE51FDB9-E191-43A9-8DFF-45A7BAA0C950}\ARPPRODUCTICON.exe
2010-04-26 07:44 . 2010-04-26 07:44 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-26 07:39 . 2010-04-28 10:24 -------- d-----w- c:\program files\Hotspot Shield
2010-04-26 04:20 . 2010-04-26 04:20 -------- d--h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-04-26 04:07 . 2010-04-26 04:17 -------- d-----w- c:\program files\Desktop Sidebar
2010-04-26 04:02 . 2010-04-26 04:02 -------- d-----w- c:\program files\Bonjour
2010-04-26 02:31 . 2010-04-26 02:31 -------- d-----w- c:\documents and settings\Administrator.AWILDONE\Application Data\CyberScrub
2010-04-26 02:24 . 2010-04-26 02:24 -------- d-sh--w- c:\documents and settings\Administrator.AWILDONE\IETldCache
2010-04-26 01:49 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-04-26 01:49 . 2009-10-28 05:36 1152444 ----a-w- c:\windows\UDB.zip
2010-04-26 01:45 . 2010-04-26 04:00 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-26 01:45 . 2010-04-26 04:00 -------- d-----w- c:\program files\Spyware Doctor
2010-04-26 00:26 . 2010-04-28 21:41 -------- d-----w- c:\program files\SpywareBlaster
2010-04-26 00:08 . 2010-04-26 00:08 -------- d-----w- c:\documents and settings\LocalService\IETldCache
2010-04-25 23:57 . 2010-04-25 23:57 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-25 23:56 . 2010-04-25 23:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-25 22:04 . 2010-04-26 04:19 -------- dc----w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}(2)
2010-04-22 10:17 . 2010-04-26 06:33 -------- d-----w- c:\program files\The Misadventures Of P.B. Winterbottom
2010-04-21 10:00 . 2010-04-21 10:00 -------- d-----w- c:\program files\Pop Cap
2010-04-21 05:24 . 2010-04-21 05:24 -------- d-----w- c:\program files\HipSoft
2010-04-16 07:04 . 2010-04-16 07:04 2060 ----a-w- c:\windows\system32\napaserv.zip
2010-04-15 10:51 . 2010-04-28 08:39 2 --shatr- c:\windows\winstart.bat
2010-04-15 10:45 . 2010-04-29 16:26 -------- d-----w- c:\program files\UnHackMe
2010-04-14 18:03 . 2010-04-14 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2010-04-14 09:55 . 2005-05-26 20:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-04-14 06:01 . 2010-04-14 05:46 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-04-14 06:01 . 2010-04-14 06:01 -------- d-----w- c:\program files\Common Files\Adobe AIR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 18:32 . 2008-11-15 10:57 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-05-07 01:39 . 2009-01-16 21:03 -------- d-----w- c:\program files\Activision
2010-05-05 15:28 . 2009-07-19 04:56 -------- d-----w- c:\documents and settings\Troy\Application Data\ContentGuard
2010-05-05 15:27 . 2009-07-19 04:56 188501 ----a-w- c:\documents and settings\Troy\Application Data\ContentGuard\CGGuard2.dll
2010-05-04 16:28 . 2009-01-02 08:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-04 14:19 . 2010-05-04 14:38 2174464 ----a-w- c:\windows\Internet Logs\xDBBB.tmp
2010-05-04 14:14 . 2010-05-04 14:15 2174464 ----a-w- c:\windows\Internet Logs\xDBBA.tmp
2010-05-04 13:59 . 2009-11-19 13:54 -------- d-----w- c:\program files\CCleaner
2010-05-04 01:21 . 2010-05-04 01:23 2182656 ----a-w- c:\windows\Internet Logs\xDBB9.tmp
2010-05-02 13:01 . 2008-11-08 01:40 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-30 08:21 . 2010-02-27 08:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AutoHideIP
2010-04-29 19:48 . 2009-03-06 20:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 19:45 . 2009-08-17 17:10 6153648 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-29 16:19 . 2009-03-06 20:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 16:19 . 2009-03-06 20:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 21:46 . 2010-04-28 21:48 1400832 ----a-w- c:\windows\Internet Logs\xDBB8.tmp
2010-04-28 15:36 . 2008-12-13 05:33 -------- d-----w- c:\program files\Games
2010-04-28 15:24 . 2009-08-11 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\DeskShare
2010-04-28 13:49 . 2008-11-14 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2010-04-28 10:27 . 2009-01-26 04:09 -------- d-----w- c:\program files\IDA
2010-04-28 10:17 . 2008-11-14 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-04-28 10:00 . 2010-03-17 01:04 204 ----a-w- c:\windows\system32\xpji52vg.bat
2010-04-28 09:27 . 2008-05-07 00:52 -------- d-----w- c:\program files\ESET
2010-04-28 02:46 . 2009-02-06 06:12 -------- d-----w- c:\program files\Registry Workshop
2010-04-28 00:34 . 2009-01-07 07:33 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-26 11:21 . 2008-11-08 01:16 -------- d-----w- c:\program files\ATI Technologies
2010-04-26 06:34 . 2010-02-10 18:53 -------- d-----w- c:\documents and settings\Troy\Application Data\Disney Interactive Studios
2010-04-26 04:21 . 2009-01-02 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-26 04:20 . 2009-01-02 08:18 -------- d-----w- c:\program files\Lavasoft
2010-04-26 04:02 . 2009-04-10 08:00 -------- d-----w- c:\program files\Slingo Supreme
2010-04-26 02:48 . 2008-12-13 05:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-26 01:53 . 2010-04-26 02:20 2142720 ----a-w- c:\windows\Internet Logs\xDBB7.tmp
2010-04-26 01:53 . 2010-04-26 02:20 615936 ----a-w- c:\windows\Internet Logs\xDBB6.tmp
2010-04-25 23:57 . 2008-11-08 01:20 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-25 23:44 . 2010-04-25 23:45 185344 ----a-w- c:\windows\Internet Logs\xDBB5.tmp
2010-04-25 06:57 . 2010-04-25 06:58 702976 ----a-w- c:\windows\Internet Logs\xDBB4.tmp
2010-04-22 09:58 . 2010-04-22 10:00 1974784 ----a-w- c:\windows\Internet Logs\xDBB3.tmp
2010-04-22 09:58 . 2010-04-22 10:00 144384 ----a-w- c:\windows\Internet Logs\xDBB2.tmp
2010-04-21 12:41 . 2010-04-21 12:42 1575936 ----a-w- c:\windows\Internet Logs\xDBB0.tmp
2010-04-21 12:41 . 2010-04-21 12:42 1972224 ----a-w- c:\windows\Internet Logs\xDBB1.tmp
2010-04-21 10:58 . 2009-04-09 02:59 48 ----a-w- c:\windows\popcinfot.dat
2010-04-21 08:09 . 2008-11-14 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Sandlot Games
2010-04-18 10:17 . 2009-11-08 22:53 -------- d-----w- c:\program files\PeerBlock
2010-04-18 02:29 . 2008-12-19 09:31 -------- d-----w- c:\program files\PeerGuardian2
2010-04-16 05:18 . 2010-04-16 05:20 653312 ----a-w- c:\windows\Internet Logs\xDBAF.tmp
2010-04-14 18:45 . 2010-02-03 03:22 6890 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-04-14 18:45 . 2010-02-03 03:22 6890 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-04-14 18:42 . 2008-05-07 01:36 419920 ----a-w- c:\documents and settings\Troy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-14 15:26 . 2010-02-03 06:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2010-04-14 15:26 . 2009-02-10 21:31 -------- d-----w- c:\program files\Corel
2010-04-14 15:11 . 2010-02-03 06:51 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-04-14 05:58 . 2009-08-16 15:03 -------- d-----w- c:\program files\Zinio
2010-04-14 05:46 . 2008-05-07 04:02 38784 ----a-w- c:\documents and settings\Troy\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-27 13:46 . 2010-04-13 10:25 2650112 ----a-w- c:\windows\Internet Logs\xDBAE.tmp
2010-03-27 06:21 . 2010-03-27 06:21 -------- d-----w- c:\program files\DIFX
2010-03-27 06:21 . 2010-03-27 05:17 -------- d-----w- c:\program files\Garmin
2010-03-27 05:17 . 2010-03-27 05:17 -------- d-----w- c:\documents and settings\All Users\Application Data\GARMIN
2010-03-27 05:11 . 2010-03-27 03:41 -------- d-----w- c:\documents and settings\Troy\Application Data\GARMIN
2010-03-27 04:38 . 2009-05-23 00:53 -------- d-----w- c:\documents and settings\Troy\Application Data\Download Manager
2010-03-25 17:29 . 2010-03-25 17:31 713216 ----a-w- c:\windows\Internet Logs\xDBAD.tmp
2010-03-25 09:45 . 2010-03-25 09:45 95 ----a-w- c:\windows\Winsus0.dat
2010-03-25 09:43 . 2008-08-28 23:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-25 09:35 . 2010-03-25 09:35 -------- d-----w- c:\program files\Susteen
2010-03-25 06:08 . 2009-01-10 11:10 -------- d-----w- c:\program files\Allway Sync
2010-03-24 05:45 . 2010-03-24 05:46 1797632 ----a-w- c:\windows\Internet Logs\xDBAC.tmp
2010-03-24 05:45 . 2010-03-24 05:46 2359808 ----a-w- c:\windows\Internet Logs\xDBAB.tmp
2010-03-23 06:07 . 2009-01-29 10:19 -------- d-----w- c:\documents and settings\Troy\Application Data\PlayFirst
2010-03-23 06:07 . 2009-01-29 10:19 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-03-23 03:00 . 2010-03-23 03:00 439816 ----a-w- c:\documents and settings\Troy\Application Data\Real\Update\setup3.10\setup.exe
2010-03-17 01:01 . 2010-03-17 01:03 726016 ----a-w- c:\windows\Internet Logs\xDBAA.tmp
2010-03-16 04:09 . 2010-03-16 04:09 -------- d-----w- c:\program files\DiskTrix
2010-03-16 03:12 . 2009-05-22 23:58 -------- d-----w- c:\program files\Zombie Shooter
2010-03-15 17:19 . 2009-07-05 06:58 -------- d-----w- c:\program files\A Fairy Tale
2010-03-15 17:19 . 2009-04-11 05:33 -------- d-----w- c:\program files\Cubis Gold 2
2010-03-15 17:19 . 2009-01-16 16:19 -------- d-----w- c:\program files\4 Elements
2010-03-15 17:01 . 2009-03-18 05:37 -------- d-----w- c:\documents and settings\Troy\Application Data\Divo Games
2010-03-15 08:53 . 2008-11-14 03:23 -------- d-----w- c:\program files\AIM6
2010-03-15 08:46 . 2008-11-14 02:55 617512 ----a-w- c:\documents and settings\All Users\Application Data\AOL\C_America Online 9.0\Unagi\ampx.exe
2010-03-14 11:55 . 2010-03-14 11:53 -------- d-----w- c:\documents and settings\All Users\Application Data\PearlDiv_full
2010-03-14 08:44 . 2010-03-13 09:08 -------- d-----w- c:\program files\Mystic Diary 2 Survey
2010-03-14 08:27 . 2010-03-14 08:27 -------- d-----w- c:\program files\Windows Desktop Search
2010-03-14 08:27 . 2009-11-21 09:33 -------- d-----w- c:\program files\Alice's Magical Mahjong
2010-03-13 14:44 . 2008-12-12 23:49 -------- d-----w- c:\program files\Microsoft Works
2010-03-13 14:44 . 2009-01-16 16:07 -------- d-----w- c:\program files\Safari
2010-03-13 12:30 . 2010-03-13 12:31 1743360 ----a-w- c:\windows\Internet Logs\xDBA9.tmp
2010-03-13 12:28 . 2010-03-13 11:27 467 ----a-w- c:\program files\log.txt
2010-03-13 11:27 . 2010-03-13 12:31 2923008 ----a-w- c:\windows\Internet Logs\xDBA8.tmp
2010-03-13 09:06 . 2009-04-05 10:04 -------- d-----w- c:\program files\ToGo Game
2010-03-10 06:15 . 2004-08-04 10:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 23:25 . 2010-03-08 23:27 1675776 ----a-w- c:\windows\Internet Logs\xDBA7.tmp
2010-03-06 08:55 . 2010-03-06 08:55 696624 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-05 07:49 . 2010-03-05 07:51 1611264 ----a-w- c:\windows\Internet Logs\xDBA6.tmp
2010-03-05 07:49 . 2010-03-05 07:51 2377216 ----a-w- c:\windows\Internet Logs\xDBA5.tmp
2010-03-03 08:50 . 2009-01-20 05:54 12892448 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2010-03-03 08:49 . 2010-03-03 08:50 513536 ----a-w- c:\windows\Internet Logs\xDBA3.tmp
2010-03-03 08:49 . 2010-03-03 08:50 1603584 ----a-w- c:\windows\Internet Logs\xDBA4.tmp
2010-03-02 00:33 . 2010-03-02 00:34 678400 ----a-w- c:\windows\Internet Logs\xDBA1.tmp
2010-03-02 00:33 . 2010-03-02 00:34 1603584 ----a-w- c:\windows\Internet Logs\xDBA2.tmp
2010-02-27 07:59 . 2010-02-27 08:00 696832 ----a-w- c:\windows\Internet Logs\xDB9F.tmp
2010-02-27 07:59 . 2010-02-27 08:00 1593856 ----a-w- c:\windows\Internet Logs\xDBA0.tmp
2008-05-07 01:49 . 2008-05-07 01:49 8 --sh--r- c:\windows\system32\807B330B7D.sys
2009-02-10 21:11 . 2009-02-10 21:01 56 --sh--r- c:\windows\system32\A6B2FBE7BE.sys
2009-02-10 21:36 . 2009-02-10 21:36 88 --sh--r- c:\windows\system32\BEE7FBB2A6.sys
2009-05-26 06:51 . 2008-05-07 01:49 8558 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
c:\windows\Web\Wallpaper\Sky Time .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2010-03-23 594144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-08-03 949376]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2008-07-24 445688]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-3 528384]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2004-08-20 22:19 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0Partizan

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
backup=c:\windows\pss\Amazon Unbox.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Troy^Start Menu^Programs^Startup^Iomega Product Registration.lnk]
path=c:\documents and settings\Troy\Start Menu\Programs\Startup\Iomega Product Registration.lnk
backup=c:\windows\pss\Iomega Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 02:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2009-10-18 11:50 781656 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 06:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 05:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2004-08-16 20:45 45056 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2007-04-18 06:49 50736 ----a-w- c:\program files\AOL 9.0 VR\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CICache]
CICache.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
c:\program files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2009-12-30 23:47 523408 ----a-w- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMonitor]
2008-08-10 08:05 80368 ----a-w- c:\program files\Roxio Creator 2009\5.0\CPMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G]
2004-08-18 15:47 1249280 ----a-w- c:\program files\D-Link\AirPlus G\AirGCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX5400]
2003-05-27 01:00 99840 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I2G1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 12:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2008-11-06 17:33 41264 ----a-w- c:\program files\Common Files\AOL\1235372424\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 13:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 13:36 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-09-20 13:35 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2005-07-23 03:25 28160 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2005-07-23 03:25 28160 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 16:19 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 16:19 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mount.exe]
2008-04-11 20:17 374272 ----a-w- c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass]
2004-08-20 22:24 1769472 ----a-w- c:\program files\Softex\OmniPass\scureapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Privacy Suite RiskMonitor]
2008-07-29 16:37 45192 ----a-w- c:\program files\CyberScrub Privacy Suite\Launch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Privacy Suite Scheduler]
2008-07-29 16:37 45192 ----a-w- c:\program files\CyberScrub Privacy Suite\Launch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-08-14 05:23 240112 ----a-w- c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
*DISABLED*c:\documents and settings\Troy\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Standby]
2010-01-07 18:09 105632 ----a-w- c:\program files\Common Files\Corel\Standby\Standby.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-12-11 20:38 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\US4Service]
2010-03-03 20:27 39488 ----a-w- c:\program files\Universal Shield 4.3.1\US4Service.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebLink]
2004-08-20 22:47 528384 ----a-w- c:\program files\Softex\Weblink\WebLink.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 00:05 204288 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XdriveTray]
xdrive.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XdriveTrayIcon]
XdriveTray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM]
2009-07-21 18:02 2707526 ----a-w- c:\program files\Zinio\ZinioReader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxWatch"=2 (0x2)
"RoxUpnpServer"=2 (0x2)
"RoxUPnPRenderer"=3 (0x3)
"RoxMediaDB"=3 (0x3)
"gusvc"=3 (0x3)
"US30Service"=3 (0x3)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"RoxWatch11"=2 (0x2)
"RoxMediaDB11"=3 (0x3)
"RoxLiveShare11"=2 (0x2)
"RoxLiveShare"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"HotspotShieldService"=3 (0x3)
"AOL ACS"=2 (0x2)
"MBAMService"=2 (0x2)
"SureThing Labelflash service"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Stuffit Archive Name Service"=2 (0x2)
"CSHelper"=2 (0x2)
"ADVService"=2 (0x2)
"Lavasoft Ad-Aware Service"=3 (0x3)
"IDriverT"=3 (0x3)
"HUPZAQF"=3 (0x3)
"Roxio Upnp Server 11"=2 (0x2)
"Roxio UPnP Renderer 11"=3 (0x3)
"iPod Service"=3 (0x3)
"Diskeeper"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Bonjour Service"=2 (0x2)
"gupdate"=2 (0x2)
"PSI_SVC_2"=2 (0x2)
"idsvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Troy\\Desktop\\Programs to setup\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\AOL 9.0 VR\\waol.exe"=
"c:\\Program Files\\AOL Games\\Q-bert 2005\\Q-bert 2005.exe"=
"c:\\Program Files\\Common Files\\AOL\\1183129128\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Tencent\\QQ Games\\QQGames.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home 2009\\RpcAgentSrv.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\The Tale of Despereaux\\TalesLauncher.exe"=
"c:\\Program Files\\The Tale of Despereaux\\TalesD.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1235372424\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home 2009\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Codemasters\\Overlord II\\Overlord2.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/7/2009 3:24 AM 64288]
R0 pxark;pxark;c:\windows\system32\drivers\pxark.sys [1/5/2009 3:04 AM 26808]
R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [6/16/2009 5:42 PM 244608]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [5/6/2008 8:55 PM 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 IswSvc;ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [7/24/2008 7:03 AM 195832]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [8/11/2004 2:27 PM 547744]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/6/2009 4:17 PM 20952]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [8/2/2009 7:46 AM 23096]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [4/28/2010 5:39 AM 35816]
S2 CSIScanner;CSIScanner;"c:\program files\PrevxCSI\prevxcsi.exe" /service --> c:\program files\PrevxCSI\prevxcsi.exe [?]
S2 HDD & SSD access service;HDD & SSD access service;c:\program files\Common Files\BinarySense\disksvc.exe [8/13/2009 3:51 PM 205976]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/6/2009 4:17 PM 304464]
S3 dlttape;dlttape;c:\windows\system32\drivers\dlttape.sys [1/1/2010 8:56 PM 8320]
S3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [7/24/2008 7:03 AM 35072]
S3 KProcWatch;KProcWatch;c:\windows\system32\drivers\KProcWatch.sys [9/16/2009 10:26 PM 8576]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [6/17/2009 9:52 PM 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [6/17/2009 9:52 PM 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [6/17/2009 11:56 PM 42112]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/17/2009 11:56 PM 23680]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 4:22 PM 34064]
S3 P1001VID;Creative WebCam (WDM);c:\windows\system32\drivers\P1001Vid.sys [7/4/2009 11:18 PM 395224]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Home 2009\RpcAgentSrv.exe [1/3/2009 8:03 AM 98488]
S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [8/2/2009 7:46 AM 249856]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [5/9/2008 12:10 AM 18432]
S4 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [4/25/2009 5:20 AM 266240]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/17/2010 7:59 AM 135664]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 7:17 AM 1170768]
S4 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [8/14/2008 1:25 AM 313840]
S4 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe [8/14/2008 1:25 AM 367088]
S4 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [8/14/2008 1:24 AM 309744]
S4 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [8/14/2008 1:23 AM 1124848]
S4 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [8/14/2008 1:24 AM 170480]
S4 SureThing Labelflash service;SureThing Labelflash service;c:\program files\Common Files\SureThing Shared\stllssvr.exe [3/12/2009 1:52 AM 74392]

--- Other Services/Drivers In Memory ---

*Deregistered* - UnHackMeDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 11:59]

2010-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 11:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1227215759&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx%3Fn%3D606275303&id=64855
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = http=
IE: {{11F19C45-9675-488A-A8E0-8E8234DC245D} - res://c:\program files\Tomato\YouTube Video Downloader\MDIEEx.dll/211
LSP: c:\windows\system32\imon.dll
Trusted Zone: aol.com\free
Trusted Zone: emipowered.net\fordvehicles.secure
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\h3jv2ls1.default\
FF - prefs.js: browser.startup.homepage - hxxp://login.passport.net/uilogin.srf?id=2
FF - component: c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\h3jv2ls1.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\program files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\components\TB_WebRipFFPlugin.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdbplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\Opera\program\plugins\npgcplug.dll
FF - plugin: c:\program files\Opera\program\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\plugins\np_TB_OgloPlugin.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
SafeBoot-klmdb.sys
AddRemove-Creative PD1001 - c:\windows\CtDrvIns.exe -uninstall USB\VID_041E&PID_400D -plugin P1001Pin.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-07 16:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\sccfg.sys 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1454471165-115176313-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1454471165-115176313-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8A541B3E-5DD6-BDB1-E1C3-A7BF0825D256}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jamelghcmkhbabkapmlb"=hex:61,61,00,00
"kamelghcohicadofiklpkc"=hex:61,61,00,00
"famelghcjhod"=hex:66,61,67,6f,6f,6f,63,6f,6d,63,64,6e,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Softex\OmniPass\opxpgina.dll
c:\windows\system32\MSVCP60.dll

- - - - - - - > 'lsass.exe'(860)
c:\windows\system32\imon.dll
.
Completion time: 2010-05-07 16:07:58
ComboFix-quarantined-files.txt 2010-05-07 20:07

Pre-Run: 56,501,035,008 bytes free
Post-Run: 56,396,775,424 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - B46344F9055C64F3CBF01D9A305BF2BD


#7 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:51 PM

Posted 07 May 2010 - 06:47 PM

Hi,

Please let me know in your next reply how the computer is running and if you are still having any problems?

TFC(Temp File Cleaner):
  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
Suspect::[85]
c:\windows\winstart.bat
c:\windows\system32\xpji52vg.bat
RenV::
c:\windows\Web\Wallpaper\Sky Time .exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CICache]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XdriveTray]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XdriveTrayIcon]
RegNull::
[HKEY_USERS\S-1-5-21-1454471165-115176313-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
[HKEY_USERS\S-1-5-21-1454471165-115176313-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8A541B3E-5DD6-BDB1-E1C3-A7BF0825D256}*]


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the button.
  • Check
  • Click the button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push


Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • Combofix.txt
  • ESET report

Thanks



#8 AWILD1
  • Topic Starter

  • Members
  • 17 posts
  • Local time:02:51 PM

Posted 08 May 2010 - 02:07 PM

Hi, Sorry for the delay...it took 13 1/2 hours for ESET Online Scanner to run its course. Thank you for all your help so far! The computer seemed to run quicker after the last ComboFix run but after the ESET Online scan and then rebooting, the computer seems a little sluggish again. Here are the 2 reports requested...

ComboFix:



ComboFix 10-05-07.01 - Troy 05/07/2010 23:47:30.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.2106 [GMT -4:00]
Running from: c:\documents and settings\Troy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Troy\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Resident AV is active


file zipped: c:\windows\system32\xpji52vg.bat
file zipped: c:\windows\winstart.bat
.

((((((((((((((((((((((((( Files Created from 2010-04-08 to 2010-05-08 )))))))))))))))))))))))))))))))
.

2010-05-07 01:29 . 2010-05-07 01:30 -------- d-----w- c:\program files\trend micro
2010-05-07 01:29 . 2010-05-07 02:13 -------- d-----w- C:\rsit
2010-05-04 02:09 . 2010-05-07 01:32 -------- d-----w- C:\sscfg.sys123
2010-04-29 17:55 . 2010-04-29 17:55 -------- d-----w- c:\program files\Common Files\Java
2010-04-29 17:55 . 2010-04-29 17:55 503808 ----a-w- c:\documents and settings\Troy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-523fe4fe-n\msvcp71.dll
2010-04-29 17:55 . 2010-04-29 17:55 499712 ----a-w- c:\documents and settings\Troy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-523fe4fe-n\jmc.dll
2010-04-29 17:55 . 2010-04-29 17:55 348160 ----a-w- c:\documents and settings\Troy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-523fe4fe-n\msvcr71.dll
2010-04-29 17:55 . 2010-04-29 17:55 61440 ----a-w- c:\documents and settings\Troy\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7f3b72be-n\decora-sse.dll
2010-04-29 17:55 . 2010-04-29 17:55 12800 ----a-w- c:\documents and settings\Troy\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7f3b72be-n\decora-d3d.dll
2010-04-29 17:54 . 2010-04-29 17:53 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-29 17:53 . 2010-04-29 17:53 -------- d-----w- c:\program files\Java
2010-04-29 02:17 . 2010-04-29 02:17 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2010-04-29 00:45 . 2010-04-29 00:45 -------- d-----w- c:\windows\ERUNT
2010-04-28 13:56 . 2010-04-28 15:15 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-28 13:54 . 2010-04-28 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-04-28 13:53 . 2010-04-29 16:27 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-28 09:39 . 2010-04-28 09:39 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-04-28 09:39 . 2010-04-28 09:39 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-04-28 09:10 . 2010-04-29 06:42 -------- d-----w- C:\SDFix
2010-04-28 08:38 . 2010-03-23 21:34 12752 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-04-28 00:37 . 2010-04-28 00:37 52224 ----a-w- c:\documents and settings\Troy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-28 00:37 . 2010-05-04 16:34 117760 ----a-w- c:\documents and settings\Troy\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-28 00:36 . 2010-04-28 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-28 00:35 . 2010-04-29 16:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-28 00:35 . 2010-04-28 00:35 -------- d-----w- c:\documents and settings\Troy\Application Data\SUPERAntiSpyware.com
2010-04-27 06:07 . 2010-04-28 02:27 -------- d-----w- c:\program files\Universal Shield 4.3.1
2010-04-26 11:20 . 2010-04-26 11:20 10134 ----a-r- c:\documents and settings\Troy\Application Data\Microsoft\Installer\{DE51FDB9-E191-43A9-8DFF-45A7BAA0C950}\ARPPRODUCTICON.exe
2010-04-26 07:44 . 2010-04-26 07:44 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-26 07:39 . 2010-04-28 10:24 -------- d-----w- c:\program files\Hotspot Shield
2010-04-26 04:20 . 2010-04-26 04:20 -------- d--h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-04-26 04:07 . 2010-04-26 04:17 -------- d-----w- c:\program files\Desktop Sidebar
2010-04-26 04:02 . 2010-04-26 04:02 -------- d-----w- c:\program files\Bonjour
2010-04-26 02:31 . 2010-04-26 02:31 -------- d-----w- c:\documents and settings\Administrator.AWILDONE\Application Data\CyberScrub
2010-04-26 02:24 . 2010-04-26 02:24 -------- d-sh--w- c:\documents and settings\Administrator.AWILDONE\IETldCache
2010-04-26 01:49 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-04-26 01:49 . 2009-10-28 05:36 1152444 ----a-w- c:\windows\UDB.zip
2010-04-26 01:45 . 2010-04-26 04:00 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-26 01:45 . 2010-04-26 04:00 -------- d-----w- c:\program files\Spyware Doctor
2010-04-26 00:26 . 2010-04-28 21:41 -------- d-----w- c:\program files\SpywareBlaster
2010-04-26 00:08 . 2010-04-26 00:08 -------- d-----w- c:\documents and settings\LocalService\IETldCache
2010-04-25 23:57 . 2010-04-25 23:57 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-25 23:56 . 2010-04-25 23:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-25 22:04 . 2010-04-26 04:19 -------- dc----w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}(2)
2010-04-22 10:17 . 2010-04-26 06:33 -------- d-----w- c:\program files\The Misadventures Of P.B. Winterbottom
2010-04-21 10:00 . 2010-04-21 10:00 -------- d-----w- c:\program files\Pop Cap
2010-04-21 05:24 . 2010-04-21 05:24 -------- d-----w- c:\program files\HipSoft
2010-04-16 07:04 . 2010-04-16 07:04 2060 ----a-w- c:\windows\system32\napaserv.zip
2010-04-15 10:51 . 2010-04-28 08:39 2 --shatr- c:\windows\winstart.bat
2010-04-15 10:45 . 2010-04-29 16:26 -------- d-----w- c:\program files\UnHackMe
2010-04-14 18:03 . 2010-04-14 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2010-04-14 09:55 . 2005-05-26 20:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-04-14 06:01 . 2010-04-14 06:01 -------- d-----w- c:\program files\Common Files\Adobe AIR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 18:32 . 2008-11-15 10:57 4212 ---h--w- c:\windows\system32\zllictbl.dat
2010-05-07 01:39 . 2009-01-16 21:03 -------- d-----w- c:\program files\Activision
2010-05-05 15:28 . 2009-07-19 04:56 -------- d-----w- c:\documents and settings\Troy\Application Data\ContentGuard
2010-05-05 15:27 . 2009-07-19 04:56 188501 ----a-w- c:\documents and settings\Troy\Application Data\ContentGuard\CGGuard2.dll
2010-05-04 16:28 . 2009-01-02 08:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-04 14:19 . 2010-05-04 14:38 2174464 ----a-w- c:\windows\Internet Logs\xDBBB.tmp
2010-05-04 14:14 . 2010-05-04 14:15 2174464 ----a-w- c:\windows\Internet Logs\xDBBA.tmp
2010-05-04 13:59 . 2009-11-19 13:54 -------- d-----w- c:\program files\CCleaner
2010-05-04 01:21 . 2010-05-04 01:23 2182656 ----a-w- c:\windows\Internet Logs\xDBB9.tmp
2010-05-02 13:01 . 2008-11-08 01:40 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-30 08:21 . 2010-02-27 08:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AutoHideIP
2010-04-29 19:48 . 2009-03-06 20:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 19:45 . 2009-08-17 17:10 6153648 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-29 16:19 . 2009-03-06 20:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 16:19 . 2009-03-06 20:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 21:46 . 2010-04-28 21:48 1400832 ----a-w- c:\windows\Internet Logs\xDBB8.tmp
2010-04-28 15:36 . 2008-12-13 05:33 -------- d-----w- c:\program files\Games
2010-04-28 15:24 . 2009-08-11 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\DeskShare
2010-04-28 13:49 . 2008-11-14 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2010-04-28 10:27 . 2009-01-26 04:09 -------- d-----w- c:\program files\IDA
2010-04-28 10:17 . 2008-11-14 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-04-28 10:00 . 2010-03-17 01:04 204 ----a-w- c:\windows\system32\xpji52vg.bat
2010-04-28 09:27 . 2008-05-07 00:52 -------- d-----w- c:\program files\ESET
2010-04-28 02:46 . 2009-02-06 06:12 -------- d-----w- c:\program files\Registry Workshop
2010-04-28 00:34 . 2009-01-07 07:33 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-26 11:21 . 2008-11-08 01:16 -------- d-----w- c:\program files\ATI Technologies
2010-04-26 06:34 . 2010-02-10 18:53 -------- d-----w- c:\documents and settings\Troy\Application Data\Disney Interactive Studios
2010-04-26 04:21 . 2009-01-02 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-26 04:20 . 2009-01-02 08:18 -------- d-----w- c:\program files\Lavasoft
2010-04-26 04:02 . 2009-04-10 08:00 -------- d-----w- c:\program files\Slingo Supreme
2010-04-26 02:48 . 2008-12-13 05:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-26 01:53 . 2010-04-26 02:20 2142720 ----a-w- c:\windows\Internet Logs\xDBB7.tmp
2010-04-26 01:53 . 2010-04-26 02:20 615936 ----a-w- c:\windows\Internet Logs\xDBB6.tmp
2010-04-25 23:57 . 2008-11-08 01:20 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-25 23:44 . 2010-04-25 23:45 185344 ----a-w- c:\windows\Internet Logs\xDBB5.tmp
2010-04-25 06:57 . 2010-04-25 06:58 702976 ----a-w- c:\windows\Internet Logs\xDBB4.tmp
2010-04-22 09:58 . 2010-04-22 10:00 1974784 ----a-w- c:\windows\Internet Logs\xDBB3.tmp
2010-04-22 09:58 . 2010-04-22 10:00 144384 ----a-w- c:\windows\Internet Logs\xDBB2.tmp
2010-04-21 12:41 . 2010-04-21 12:42 1575936 ----a-w- c:\windows\Internet Logs\xDBB0.tmp
2010-04-21 12:41 . 2010-04-21 12:42 1972224 ----a-w- c:\windows\Internet Logs\xDBB1.tmp
2010-04-21 10:58 . 2009-04-09 02:59 48 ----a-w- c:\windows\popcinfot.dat
2010-04-21 08:09 . 2008-11-14 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Sandlot Games
2010-04-18 10:17 . 2009-11-08 22:53 -------- d-----w- c:\program files\PeerBlock
2010-04-18 02:29 . 2008-12-19 09:31 -------- d-----w- c:\program files\PeerGuardian2
2010-04-16 05:18 . 2010-04-16 05:20 653312 ----a-w- c:\windows\Internet Logs\xDBAF.tmp
2010-04-14 18:45 . 2010-02-03 03:22 6890 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-04-14 18:45 . 2010-02-03 03:22 6890 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-04-14 18:42 . 2008-05-07 01:36 419920 ----a-w- c:\documents and settings\Troy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-14 15:26 . 2010-02-03 06:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2010-04-14 15:26 . 2009-02-10 21:31 -------- d-----w- c:\program files\Corel
2010-04-14 15:11 . 2010-02-03 06:51 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-04-14 05:58 . 2009-08-16 15:03 -------- d-----w- c:\program files\Zinio
2010-03-27 13:46 . 2010-04-13 10:25 2650112 ----a-w- c:\windows\Internet Logs\xDBAE.tmp
2010-03-27 06:21 . 2010-03-27 06:21 -------- d-----w- c:\program files\DIFX
2010-03-27 06:21 . 2010-03-27 05:17 -------- d-----w- c:\program files\Garmin
2010-03-27 05:17 . 2010-03-27 05:17 -------- d-----w- c:\documents and settings\All Users\Application Data\GARMIN
2010-03-27 05:11 . 2010-03-27 03:41 -------- d-----w- c:\documents and settings\Troy\Application Data\GARMIN
2010-03-27 04:38 . 2009-05-23 00:53 -------- d-----w- c:\documents and settings\Troy\Application Data\Download Manager
2010-03-25 17:29 . 2010-03-25 17:31 713216 ----a-w- c:\windows\Internet Logs\xDBAD.tmp
2010-03-25 09:45 . 2010-03-25 09:45 95 ----a-w- c:\windows\Winsus0.dat
2010-03-25 09:43 . 2008-08-28 23:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-25 09:35 . 2010-03-25 09:35 -------- d-----w- c:\program files\Susteen
2010-03-25 06:08 . 2009-01-10 11:10 -------- d-----w- c:\program files\Allway Sync
2010-03-24 05:45 . 2010-03-24 05:46 1797632 ----a-w- c:\windows\Internet Logs\xDBAC.tmp
2010-03-24 05:45 . 2010-03-24 05:46 2359808 ----a-w- c:\windows\Internet Logs\xDBAB.tmp
2010-03-23 06:07 . 2009-01-29 10:19 -------- d-----w- c:\documents and settings\Troy\Application Data\PlayFirst
2010-03-23 06:07 . 2009-01-29 10:19 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-03-23 03:00 . 2010-03-23 03:00 439816 ----a-w- c:\documents and settings\Troy\Application Data\Real\Update\setup3.10\setup.exe
2010-03-17 01:01 . 2010-03-17 01:03 726016 ----a-w- c:\windows\Internet Logs\xDBAA.tmp
2010-03-16 04:09 . 2010-03-16 04:09 -------- d-----w- c:\program files\DiskTrix
2010-03-16 03:12 . 2009-05-22 23:58 -------- d-----w- c:\program files\Zombie Shooter
2010-03-15 17:19 . 2009-07-05 06:58 -------- d-----w- c:\program files\A Fairy Tale
2010-03-15 17:19 . 2009-04-11 05:33 -------- d-----w- c:\program files\Cubis Gold 2
2010-03-15 17:19 . 2009-01-16 16:19 -------- d-----w- c:\program files\4 Elements
2010-03-15 17:01 . 2009-03-18 05:37 -------- d-----w- c:\documents and settings\Troy\Application Data\Divo Games
2010-03-15 08:53 . 2008-11-14 03:23 -------- d-----w- c:\program files\AIM6
2010-03-15 08:46 . 2008-11-14 02:55 617512 ----a-w- c:\documents and settings\All Users\Application Data\AOL\C_America Online 9.0\Unagi\ampx.exe
2010-03-14 11:55 . 2010-03-14 11:53 -------- d-----w- c:\documents and settings\All Users\Application Data\PearlDiv_full
2010-03-14 08:44 . 2010-03-13 09:08 -------- d-----w- c:\program files\Mystic Diary 2 Survey
2010-03-14 08:27 . 2010-03-14 08:27 -------- d-----w- c:\program files\Windows Desktop Search
2010-03-14 08:27 . 2009-11-21 09:33 -------- d-----w- c:\program files\Alice's Magical Mahjong
2010-03-13 14:44 . 2008-12-12 23:49 -------- d-----w- c:\program files\Microsoft Works
2010-03-13 14:44 . 2009-01-16 16:07 -------- d-----w- c:\program files\Safari
2010-03-13 12:30 . 2010-03-13 12:31 1743360 ----a-w- c:\windows\Internet Logs\xDBA9.tmp
2010-03-13 12:28 . 2010-03-13 11:27 467 ----a-w- c:\program files\log.txt
2010-03-13 11:27 . 2010-03-13 12:31 2923008 ----a-w- c:\windows\Internet Logs\xDBA8.tmp
2010-03-13 09:06 . 2009-04-05 10:04 -------- d-----w- c:\program files\ToGo Game
2010-03-10 06:15 . 2004-08-04 10:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 23:25 . 2010-03-08 23:27 1675776 ----a-w- c:\windows\Internet Logs\xDBA7.tmp
2010-03-06 08:55 . 2010-03-06 08:55 696624 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-05 07:49 . 2010-03-05 07:51 1611264 ----a-w- c:\windows\Internet Logs\xDBA6.tmp
2010-03-05 07:49 . 2010-03-05 07:51 2377216 ----a-w- c:\windows\Internet Logs\xDBA5.tmp
2010-03-03 08:50 . 2009-01-20 05:54 12892448 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2010-03-03 08:49 . 2010-03-03 08:50 513536 ----a-w- c:\windows\Internet Logs\xDBA3.tmp
2010-03-03 08:49 . 2010-03-03 08:50 1603584 ----a-w- c:\windows\Internet Logs\xDBA4.tmp
2010-03-02 00:33 . 2010-03-02 00:34 678400 ----a-w- c:\windows\Internet Logs\xDBA1.tmp
2010-03-02 00:33 . 2010-03-02 00:34 1603584 ----a-w- c:\windows\Internet Logs\xDBA2.tmp
2010-02-27 07:59 . 2010-02-27 08:00 696832 ----a-w- c:\windows\Internet Logs\xDB9F.tmp
2010-02-27 07:59 . 2010-02-27 08:00 1593856 ----a-w- c:\windows\Internet Logs\xDBA0.tmp
2010-02-25 09:44 . 2010-02-25 09:45 824832 ----a-w- c:\windows\Internet Logs\xDB9D.tmp
2008-05-07 01:49 . 2008-05-07 01:49 8 --sh--r- c:\windows\system32\807B330B7D.sys
2009-02-10 21:11 . 2009-02-10 21:01 56 --sh--r- c:\windows\system32\A6B2FBE7BE.sys
2009-02-10 21:36 . 2009-02-10 21:36 88 --sh--r- c:\windows\system32\BEE7FBB2A6.sys
2009-05-26 06:51 . 2008-05-07 01:49 8558 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-05-07_20.03.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-07 05:31 . 2009-01-07 05:31 118784 c:\windows\Web\Wallpaper\Sky Time.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2010-03-23 594144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-08-03 949376]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2008-07-24 445688]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-3 528384]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2004-08-20 22:19 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0Partizan

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
backup=c:\windows\pss\Amazon Unbox.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Troy^Start Menu^Programs^Startup^Iomega Product Registration.lnk]
path=c:\documents and settings\Troy\Start Menu\Programs\Startup\Iomega Product Registration.lnk
backup=c:\windows\pss\Iomega Product Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 02:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2009-10-18 11:50 781656 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 06:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 05:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2004-08-16 20:45 45056 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2007-04-18 06:49 50736 ----a-w- c:\program files\AOL 9.0 VR\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2009-12-30 23:47 523408 ----a-w- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMonitor]
2008-08-10 08:05 80368 ----a-w- c:\program files\Roxio Creator 2009\5.0\CPMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G]
2004-08-18 15:47 1249280 ----a-w- c:\program files\D-Link\AirPlus G\AirGCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX5400]
2003-05-27 01:00 99840 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_S4I2G1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 12:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2008-11-06 17:33 41264 ----a-w- c:\program files\Common Files\AOL\1235372424\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 13:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 13:36 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-09-20 13:35 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2005-07-23 03:25 28160 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2005-07-23 03:25 28160 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 16:19 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 16:19 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mount.exe]
2008-04-11 20:17 374272 ----a-w- c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass]
2004-08-20 22:24 1769472 ----a-w- c:\program files\Softex\OmniPass\scureapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Privacy Suite RiskMonitor]
2008-07-29 16:37 45192 ----a-w- c:\program files\CyberScrub Privacy Suite\Launch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Privacy Suite Scheduler]
2008-07-29 16:37 45192 ----a-w- c:\program files\CyberScrub Privacy Suite\Launch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-08-14 05:23 240112 ----a-w- c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Standby]
2010-01-07 18:09 105632 ----a-w- c:\program files\Common Files\Corel\Standby\Standby.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-12-11 20:38 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\US4Service]
2010-03-03 20:27 39488 ----a-w- c:\program files\Universal Shield 4.3.1\US4Service.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebLink]
2004-08-20 22:47 528384 ----a-w- c:\program files\Softex\Weblink\WebLink.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 00:05 204288 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM]
2009-07-21 18:02 2707526 ----a-w- c:\program files\Zinio\ZinioReader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxWatch"=2 (0x2)
"RoxUpnpServer"=2 (0x2)
"RoxUPnPRenderer"=3 (0x3)
"RoxMediaDB"=3 (0x3)
"gusvc"=3 (0x3)
"US30Service"=3 (0x3)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"RoxWatch11"=2 (0x2)
"RoxMediaDB11"=3 (0x3)
"RoxLiveShare11"=2 (0x2)
"RoxLiveShare"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"HotspotShieldService"=3 (0x3)
"AOL ACS"=2 (0x2)
"MBAMService"=2 (0x2)
"SureThing Labelflash service"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Stuffit Archive Name Service"=2 (0x2)
"CSHelper"=2 (0x2)
"ADVService"=2 (0x2)
"Lavasoft Ad-Aware Service"=3 (0x3)
"IDriverT"=3 (0x3)
"HUPZAQF"=3 (0x3)
"Roxio Upnp Server 11"=2 (0x2)
"Roxio UPnP Renderer 11"=3 (0x3)
"iPod Service"=3 (0x3)
"Diskeeper"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Bonjour Service"=2 (0x2)
"gupdate"=2 (0x2)
"PSI_SVC_2"=2 (0x2)
"idsvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Troy\\Desktop\\Programs to setup\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\AOL 9.0 VR\\waol.exe"=
"c:\\Program Files\\AOL Games\\Q-bert 2005\\Q-bert 2005.exe"=
"c:\\Program Files\\Common Files\\AOL\\1183129128\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Tencent\\QQ Games\\QQGames.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home 2009\\RpcAgentSrv.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\The Tale of Despereaux\\TalesLauncher.exe"=
"c:\\Program Files\\The Tale of Despereaux\\TalesD.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1235372424\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home 2009\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Codemasters\\Overlord II\\Overlord2.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/7/2009 3:24 AM 64288]
R0 pxark;pxark;c:\windows\system32\drivers\pxark.sys [1/5/2009 3:04 AM 26808]
R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [6/16/2009 5:42 PM 244608]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [5/6/2008 8:55 PM 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 IswSvc;ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [7/24/2008 7:03 AM 195832]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [8/11/2004 2:27 PM 547744]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/6/2009 4:17 PM 20952]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [8/2/2009 7:46 AM 23096]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [4/28/2010 5:39 AM 35816]
S2 CSIScanner;CSIScanner;"c:\program files\PrevxCSI\prevxcsi.exe" /service --> c:\program files\PrevxCSI\prevxcsi.exe [?]
S2 HDD & SSD access service;HDD & SSD access service;c:\program files\Common Files\BinarySense\disksvc.exe [8/13/2009 3:51 PM 205976]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/6/2009 4:17 PM 304464]
S3 dlttape;dlttape;c:\windows\system32\drivers\dlttape.sys [1/1/2010 8:56 PM 8320]
S3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [7/24/2008 7:03 AM 35072]
S3 KProcWatch;KProcWatch;c:\windows\system32\drivers\KProcWatch.sys [9/16/2009 10:26 PM 8576]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [6/17/2009 9:52 PM 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [6/17/2009 9:52 PM 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [6/17/2009 11:56 PM 42112]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/17/2009 11:56 PM 23680]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 4:22 PM 34064]
S3 P1001VID;Creative WebCam (WDM);c:\windows\system32\drivers\P1001Vid.sys [7/4/2009 11:18 PM 395224]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Home 2009\RpcAgentSrv.exe [1/3/2009 8:03 AM 98488]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [8/2/2009 7:46 AM 249856]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [5/9/2008 12:10 AM 18432]
S4 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [4/25/2009 5:20 AM 266240]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/17/2010 7:59 AM 135664]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 7:17 AM 1170768]
S4 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [8/14/2008 1:25 AM 313840]
S4 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe [8/14/2008 1:25 AM 367088]
S4 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [8/14/2008 1:24 AM 309744]
S4 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [8/14/2008 1:23 AM 1124848]
S4 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [8/14/2008 1:24 AM 170480]
S4 SureThing Labelflash service;SureThing Labelflash service;c:\program files\Common Files\SureThing Shared\stllssvr.exe [3/12/2009 1:52 AM 74392]

--- Other Services/Drivers In Memory ---

*Deregistered* - UnHackMeDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 11:59]

2010-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-17 11:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1227215759&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx%3Fn%3D606275303&id=64855
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = http=
IE: {{11F19C45-9675-488A-A8E0-8E8234DC245D} - res://c:\program files\Tomato\YouTube Video Downloader\MDIEEx.dll/211
LSP: c:\windows\system32\imon.dll
Trusted Zone: aol.com\free
Trusted Zone: emipowered.net\fordvehicles.secure
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\h3jv2ls1.default\
FF - prefs.js: browser.startup.homepage - hxxp://login.passport.net/uilogin.srf?id=2
FF - component: c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\h3jv2ls1.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\program files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\components\TB_WebRipFFPlugin.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SansaDispatch - *DISABLED*c:\documents and settings\Troy\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-07 23:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1454471165-115176313-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Softex\OmniPass\opxpgina.dll

- - - - - - - > 'lsass.exe'(860)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(13540)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-08 00:04:29
ComboFix-quarantined-files.txt 2010-05-08 04:04

Pre-Run: 56,357,744,640 bytes free
Post-Run: 56,318,984,192 bytes free

- - End Of File - - 5703D55306C6AFF5EC9D0E80F7CD8906
Upload was successful

ESET report:

C:\Program Files\4 Elements\4 Elements.exe probably a variant of Win32/TrojanDownloader.Agent trojan cleaned by deleting - quarantined
C:\Program Files\Slingo Supreme\SlingoSupreme.exe probably a variant of Win32/TrojanDownloader.Agent trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{325179DF-F5DA-4C52-A28C-33D9D650AAAA}\RP13\A0011596.exe probably a variant of Win32/Agent trojan deleted - quarantined
C:\System Volume Information\_restore{325179DF-F5DA-4C52-A28C-33D9D650AAAA}\RP13\A0011597.exe probably a variant of Win32/TrojanDropper.VB trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{325179DF-F5DA-4C52-A28C-33D9D650AAAA}\RP13\A0011598.exe probably a variant of Win32/TrojanDownloader.Agent trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{325179DF-F5DA-4C52-A28C-33D9D650AAAA}\RP13\A0011599.exe probably a variant of Win32/TrojanDownloader.Agent trojan cleaned by deleting - quarantined
D:\Backup Hard Drive Files\pcdj19793.exe a variant of Win32/Adware.TimeSink.AA application cleaned by deleting - quarantined
D:\Backup Files\lakefree.exe multiple threats deleted - quarantined
D:\Downloads\Tropical Screensaver 6-Pack [FULL].rar probably a variant of Win32/SdBot trojan deleted - quarantined
#9 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:51 PM

Posted 10 May 2010 - 07:51 AM

Hi, no worries about the delay; I have been a bit busy myself.

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    drivers32
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



#10 AWILD1

AWILD1
  • Topic Starter

  • Members
  • 17 posts
  • Local time:02:51 PM

Posted 10 May 2010 - 03:33 PM

Hi, there was no Extra.txt produced. I did a search to see if it may have been saved somewhere else, but came up with nothing. Should I run the scan again?

Here is the OTL.txt:

OTL logfile created on: 5/10/2010 10:34:44 AM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Troy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 450 500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.47 Gb Total Space | 52.50 Gb Free Space | 18.79% Space Free | Partition Type: NTFS
Drive D: | 37.25 Gb Total Space | 3.69 Gb Free Space | 9.91% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AWILDONE
Current User Name: Troy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/10 10:01:44 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Troy\Desktop\OTL.exe
PRC - [2010/04/29 12:19:20 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/04/29 12:19:20 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/03/23 17:33:58 | 000,594,144 | ---- | M] (Greatis Software) -- C:\Program Files\UnHackMe\hackmon.exe
PRC - [2009/08/03 07:51:31 | 000,949,376 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32kui.exe
PRC - [2009/08/03 07:51:30 | 000,552,064 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe
PRC - [2008/07/24 07:03:26 | 000,195,832 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2008/07/09 10:05:20 | 000,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/07/09 10:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/08/04 02:42:00 | 000,528,384 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2005/08/04 02:42:00 | 000,028,160 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
PRC - [2005/04/06 17:03:28 | 000,110,592 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
PRC - [2004/08/20 18:44:50 | 000,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe
PRC - [2004/08/20 18:19:36 | 000,057,344 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
PRC - [2003/08/27 14:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/05/10 10:01:44 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Troy\Desktop\OTL.exe
MOD - [2009/02/11 12:25:10 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll
MOD - [2009/02/11 12:25:10 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005/08/04 02:42:00 | 000,057,344 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2005/08/04 02:42:00 | 000,010,752 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\HookDLL.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CSIScanner)
SRV - [2010/04/29 12:19:20 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/01/25 11:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/10/18 07:50:05 | 001,170,768 | ---- | M] (Lavasoft) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/08/13 15:51:54 | 000,205,976 | ---- | M] (BinarySense Ltd.) [Auto | Stopped] -- C:\Program Files\Common Files\BinarySense\disksvc.exe -- (HDD & SSD access service)
SRV - [2009/08/03 07:51:30 | 000,552,064 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)
SRV - [2009/05/06 15:32:02 | 000,249,856 | ---- | M] (SMServer) [On_Demand | Stopped] -- C:\WINDOWS\System32\snmvtsvc.exe -- (SMServer)
SRV - [2009/04/25 05:20:21 | 000,266,240 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper)
SRV - [2009/04/10 13:23:02 | 000,025,640 | R--- | M] (Amazon.com) [Disabled | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2009/03/12 22:46:55 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/19 09:28:54 | 000,199,000 | ---- | M] (Smith Micro Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Smith Micro\StuffIt 2009\ArcNameService.exe -- (Stuffit Archive Name Service)
SRV - [2008/09/01 17:43:18 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2009\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008/08/14 01:25:24 | 000,367,088 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe -- (Roxio Upnp Server 11)
SRV - [2008/08/14 01:25:20 | 000,313,840 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe -- (Roxio UPnP Renderer 11)
SRV - [2008/08/14 01:24:06 | 000,309,744 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe -- (RoxLiveShare11)
SRV - [2008/08/14 01:24:02 | 000,170,480 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe -- (RoxWatch11)
SRV - [2008/08/14 01:23:42 | 001,124,848 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe -- (RoxMediaDB11)
SRV - [2008/07/24 07:03:26 | 000,195,832 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2008/07/09 10:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2007/11/06 16:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/21 15:09:44 | 000,229,376 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare)
SRV - [2005/10/21 15:08:34 | 000,864,256 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB)
SRV - [2005/10/21 15:05:42 | 000,155,648 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch)
SRV - [2005/10/21 12:58:02 | 000,045,056 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe -- (RoxUPnPRenderer)
SRV - [2005/10/21 12:57:20 | 000,405,504 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe -- (RoxUpnpServer)
SRV - [2005/04/06 17:03:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2004/08/20 18:44:50 | 000,068,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Softex\OmniPass\omniServ.exe -- (omniserv)
SRV - [2003/08/27 14:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2010/04/29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/04/28 05:39:21 | 000,035,816 | ---- | M] (Greatis Software) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\Partizan.sys -- (Partizan)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/11 17:02:42 | 004,525,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/10/13 12:15:46 | 000,071,168 | ---- | M] (© Everstrike Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\US30XP.sys -- (US30Sys)
DRV - [2009/09/23 08:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/08/03 07:51:33 | 000,512,096 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
DRV - [2009/08/03 07:51:30 | 000,015,424 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv)
DRV - [2009/06/17 12:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/05/06 13:11:22 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2009/01/23 09:49:08 | 000,037,664 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2009/01/05 03:04:48 | 000,026,808 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\pxark.sys -- (pxark)
DRV - [2008/11/13 23:31:34 | 000,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\windrvNT.sys -- (windrvNT)
DRV - [2008/08/11 11:53:22 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2008/07/29 14:35:18 | 000,021,920 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2009\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008/07/24 07:03:22 | 000,035,072 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV - [2008/07/09 10:05:22 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/04/13 15:40:52 | 000,008,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dlttape.sys -- (dlttape)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/29 03:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/02/27 04:10:44 | 000,051,176 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2008/01/23 17:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2007/11/06 16:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/11/02 14:36:10 | 000,018,176 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/10/10 16:41:50 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2007/08/30 08:00:00 | 000,244,608 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\c2scsi.sys -- (c2scsi)
DRV - [2007/06/18 14:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 14:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/05/23 05:15:00 | 000,547,744 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2007/01/30 01:16:42 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2007/01/23 19:03:44 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2006/11/23 17:20:06 | 000,018,432 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasUSB.sys -- (SynasUSB)
DRV - [2006/03/28 17:54:46 | 000,013,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.SYS -- (L8042Kbd)
DRV - [2006/02/23 22:03:42 | 000,008,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KProcWatch.sys -- (KProcWatch)
DRV - [2005/08/31 11:34:52 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2005/08/31 11:34:10 | 000,020,480 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2005/07/29 17:26:54 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005/07/29 17:21:32 | 000,011,988 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2005/07/22 23:41:46 | 000,026,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2005/07/22 23:41:42 | 000,068,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2005/04/30 15:50:10 | 000,028,271 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2005/04/30 15:48:58 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2005/03/25 18:18:48 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2005/01/27 03:22:00 | 000,088,016 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/10/19 14:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/09/03 14:37:42 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/05/05 18:25:48 | 000,028,205 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/01/29 14:25:20 | 000,395,224 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P1001Vid.sys -- (P1001VID) Creative WebCam (WDM)
DRV - [2001/12/27 11:59:34 | 000,067,072 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Wibukey.sys -- (WIBUKEY)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1454471165-115176313-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin...03&id=64855
IE - HKU\S-1-5-21-1454471165-115176313-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1454471165-115176313-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\S-1-5-21-1454471165-115176313-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://login.passport.net/uilogin.srf?id=2"
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:1.9
FF - prefs.js..extensions.enabledItems: {a0faa0a4-f1a7-4098-9a74-21efc3a92372}:3.0.0
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.1.8.5
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.2
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.9
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.2
FF - prefs.js..extensions.enabledItems: {A4732521-77D9-447E-A557-B279AC923F06}:0.6.5
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: tunebite-firefox-surf-and-catch-extension@audials.com:1.3.6900.0
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.0.4

FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port: 0
FF - user.js..network.proxy.ssl: ""
FF - user.js..network.proxy.ssl_port: 0
FF - user.js..network.proxy.ftp: ""
FF - user.js..network.proxy.ftp_port: 0
FF - user.js..network.proxy.gopher: ""
FF - user.js..network.proxy.gopher_port: 0
FF - user.js..network.proxy.socks_version: 5
FF - user.js..network.proxy.socks: ""
FF - user.js..network.proxy.socks_port: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2008/09/26 03:38:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\tunebite-firefox-surf-and-catch-extension@audials.com: C:\Program Files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\ [2009/03/10 20:55:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/06/14 03:14:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/30 04:07:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/29 13:54:39 | 000,000,000 | ---D | M]

[2008/12/18 06:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Troy\Application Data\Mozilla\Extensions
[2010/02/27 05:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\h3jv2ls1.default\extensions
[2009/07/05 02:25:57 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\h3jv2ls1.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2008/11/13 22:46:07 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\h3jv2ls1.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2008/11/13 22:46:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\h3jv2ls1.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2009/05/22 20:47:28 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\h3jv2ls1.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/12/16 05:40:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\h3jv2ls1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/11/13 22:46:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\h3jv2ls1.default\extensions\{34274bf4-1d97-a289-e984-17e546307e4f}
[2008/11/13 22:46:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\h3jv2ls1.default\extensions\{36EC55C0-D27E-11d8-9418-444553540001}
[2008/11/13 22:46:04 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\h3jv2ls1.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2008/11/13 22:46:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\h3jv2ls1.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}
[2009/07/05 02:25:58 | 000,000,000 | ---D | M] (IE View) -- C:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\h3jv2ls1.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2008/11/13 22:46:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\h3jv2ls1.default\extensions\{998911E3-4D6E-4497-9554-B5655E9CC7FD}
[2008/11/13 22:45:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\h3jv2ls1.default\extensions\{9b9d2aaa-ae26-4447-a7a1-633a32b19ddd}
[2008/11/13 22:45:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\h3jv2ls1.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2008/11/13 22:45:54 | 000,000,000 | ---D | M] (DictionarySearch) -- C:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\h3jv2ls1.default\extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372}
[2009/05/22 20:47:22 | 000,000,000 | ---D | M] (Image Toolbar) -- C:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\h3jv2ls1.default\extensions\{A4732521-77D9-447E-A557-B279AC923F06}
[2008/11/13 22:45:51 | 000,000,000 | ---D | M] (Blue Ice 2) -- C:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\h3jv2ls1.default\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}
[2009/05/22 20:47:04 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\h3jv2ls1.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2008/11/13 22:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Troy\Application Data\Mozilla\Firefox\Profiles\h3jv2ls1.default\extensions\temp
[2010/04/29 13:54:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/29 13:54:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/11/20 17:05:31 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/01/07 03:36:01 | 002,433,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npdbplug.dll
[2010/04/29 13:54:00 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/20 17:05:32 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2009/03/25 11:42:28 | 000,114,688 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2010/04/28 22:32:54 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Idea2 SidebarBrowserMonitor Class) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (ForceField Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Tunebite_WebRipPlugin Class) - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (RapidSolution Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ForceField Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-1454471165-115176313-682003330-1003\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1454471165-115176313-682003330-1003\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1454471165-115176313-682003330-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1454471165-115176313-682003330-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1454471165-115176313-682003330-1003\..\Toolbar\WebBrowser: (ForceField Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKU\S-1-5-21-1454471165-115176313-682003330-1003..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe (Greatis Software)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-115176313-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1454471165-115176313-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1454471165-115176313-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1454471165-115176313-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra 'Tools' menuitem : Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra Button: Download Video - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato)
O9 - Extra 'Tools' menuitem : Download Video on This Page - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll (Tomato)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\imon.dll (Eset )
O15 - HKU\S-1-5-21-1454471165-115176313-682003330-1003\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-21-1454471165-115176313-682003330-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1454471165-115176313-682003330-1003\..Trusted Domains: emipowered.net ([fordvehicles.secure] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/44.10/uploader2.cab (UploadListView Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab (Bejeweled Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1230956794749 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinner.com/games/v51/bejew...eweledtwist.cab (BejeweledTwist Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinner.com/games/v67/swapit/swapit.cab (SwapIt Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.1.0...inAxControl.CAB (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Program Files\Softex\OmniPass\opxpgina.dll - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Troy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Troy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/06 17:31:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\WINDOWS\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (...) - ... File not found
O34 - HKLM BootExecute: (on\Explorer\MountPoints2\I\Shell) - C:\WINDOWS\System32\Shell.dll (Microsoft Corporation)
O34 - HKLM BootExecute: (hell) - File not found
O34 - HKLM BootExecute: (a-11) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/05/06 17:31:17 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "RoxWatch"
MsConfig - Services: "RoxUpnpServer"
MsConfig - Services: "RoxUPnPRenderer"
MsConfig - Services: "RoxMediaDB"
MsConfig - Services: "gusvc"
MsConfig - Services: "US30Service"
MsConfig - Services: "PnkBstrB"
MsConfig - Services: "PnkBstrA"
MsConfig - Services: "ose"
MsConfig - Services: "odserv"
MsConfig - Services: "Microsoft Office Groove Audit Service"
MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "RoxWatch11"
MsConfig - Services: "RoxMediaDB11"
MsConfig - Services: "RoxLiveShare11"
MsConfig - Services: "RoxLiveShare"
MsConfig - Services: "Viewpoint Manager Service"
MsConfig - Services: "HotspotShieldService"
MsConfig - Services: "AOL ACS"
MsConfig - Services: "MBAMService"
MsConfig - Services: "SureThing Labelflash service"
MsConfig - Services: "FLEXnet Licensing Service"
MsConfig - Services: "Stuffit Archive Name Service"
MsConfig - Services: "CSHelper"
MsConfig - Services: "ADVService"
MsConfig - Services: "Lavasoft Ad-Aware Service"
MsConfig - Services: "IDriverT"
MsConfig - Services: "HUPZAQF"
MsConfig - Services: "Roxio Upnp Server 11"
MsConfig - Services: "Roxio UPnP Renderer 11"
MsConfig - Services: "iPod Service"
MsConfig - Services: "Diskeeper"
MsConfig - Services: "Apple Mobile Device"
MsConfig - Services: "Bonjour Service"
MsConfig - Services: "gupdate"
MsConfig - Services: "PSI_SVC_2"
MsConfig - Services: "idsvc"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe - (Amazon.com)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk - C:\PROGRA~1\WI459E~1\WINDOW~1.EXE - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^Troy^Start Menu^Programs^Startup^Iomega Product Registration.lnk - C:\Program Files\Iomega\Registration\Register.exe - (Leader Technologies)
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Ad-Watch - hkey= - key= - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ANIWZCS2Service - hkey= - key= - C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
MsConfig - StartUpReg: AOL Fast Start - hkey= - key= - C:\Program Files\AOL 9.0 VR\AOL.EXE (AOL, LLC.)
MsConfig - StartUpReg: Corel Photo Downloader - hkey= - key= - c:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
MsConfig - StartUpReg: CPMonitor - hkey= - key= - C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe ()
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: D-Link AirPlus G - hkey= - key= - C:\Program Files\D-Link\AirPlus G\AirGCFG.exe (D-Link)
MsConfig - StartUpReg: EPSON Stylus CX5400 - hkey= - key= - File not found
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: HostManager - hkey= - key= - C:\Program Files\Common Files\AOL\1235372424\ee\aolsoftware.exe (AOL LLC)
MsConfig - StartUpReg: igfxhkcmd - hkey= - key= - File not found
MsConfig - StartUpReg: igfxpers - hkey= - key= - File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Kernel and Hardware Abstraction Layer - hkey= - key= - C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
MsConfig - StartUpReg: Logitech Hardware Abstraction Layer - hkey= - key= - C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: mount.exe - hkey= - key= - C:\Program Files\GiPo@Utilities\FileUtilities.3\mount.exe (Gibin Software House (http://www.gibinsoft.net))
MsConfig - StartUpReg: OmniPass - hkey= - key= - C:\Program Files\Softex\OmniPass\scureapp.exe ()
MsConfig - StartUpReg: Privacy Suite RiskMonitor - hkey= - key= - C:\Program Files\CyberScrub Privacy Suite\Launch.exe ()
MsConfig - StartUpReg: Privacy Suite Scheduler - hkey= - key= - C:\Program Files\CyberScrub Privacy Suite\Launch.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe (Sonic Solutions)
MsConfig - StartUpReg: Standby - hkey= - key= - c:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: US4Service - hkey= - key= - C:\Program Files\Universal Shield 4.3.1\US4Service.exe ()
MsConfig - StartUpReg: WebLink - hkey= - key= - C:\Program Files\Softex\Weblink\WebLink.exe ()
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - StartUpReg: Zinio DLM - hkey= - key= - C:\Program Files\Zinio\ZinioReader.exe (Zinio, LLC)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.MPEGacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.CLBR - C:\WINDOWS\System32\P1001Dex.ax (Creative Technology Ltd.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv41 - C:\WINDOWS\System32\Ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\Ir50_32.dll (Intel Corporation)
Drivers32: VIDC.NTN1 - NUVision.ax File not found
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/10 10:01:34 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Troy\Desktop\OTL.exe
[2010/05/08 00:33:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/07 15:46:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/07 15:45:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/07 15:45:57 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/07 15:45:57 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/07 15:45:57 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/07 15:38:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/06 21:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/05/06 21:29:04 | 000,000,000 | ---D | C] -- C:\rsit
[2010/05/04 09:56:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Troy\Recent
[2010/05/03 22:09:53 | 000,000,000 | ---D | C] -- C:\sscfg.sys123
[2010/04/30 02:17:58 | 011,909,632 | ---- | C] (Michal Kowalski) -- C:\Documents and Settings\Troy\Desktop\1.0.11 ExifPro Install.exe
[2010/04/30 02:13:52 | 003,003,373 | ---- | C] (RL Vision ) -- C:\Documents and Settings\Troy\Desktop\exif_tag_remover_30_setup.exe
[2010/04/29 22:35:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Troy\Desktop\F-Secure BlackLight
[2010/04/29 13:56:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/29 13:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/29 13:54:39 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/29 13:54:39 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/29 13:54:39 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/29 13:54:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/29 13:54:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/29 13:53:47 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/04/29 13:53:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Troy\Application Data\Sun
[2010/04/28 22:17:22 | 000,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/04/28 20:45:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/04/28 09:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/04/28 09:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/04/28 05:39:21 | 000,035,816 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2010/04/28 05:39:20 | 000,037,600 | ---- | C] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2010/04/28 05:10:48 | 000,000,000 | ---D | C] -- C:\SDFix
[2010/04/28 04:38:01 | 000,012,752 | ---- | C] (Greatis Software, LLC.) -- C:\WINDOWS\System32\drivers\UnHackMeDrv.sys
[2010/04/28 04:38:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\regruninfo
[2010/04/27 20:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/27 20:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Troy\Application Data\SUPERAntiSpyware.com
[2010/04/27 20:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/27 02:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\Universal Shield 4.3.1
[2010/04/26 03:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2010/04/26 00:20:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2010/04/26 00:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\Desktop Sidebar
[2010/04/26 00:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/25 21:45:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/04/25 21:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/04/25 21:43:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/25 20:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/04/25 19:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/25 19:56:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/25 18:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Troy\Desktop\Malware Stuff
[2010/04/25 18:04:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}(2)
[2010/04/24 03:49:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/04/24 02:54:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/24 02:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/22 06:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Troy\My Documents\2K Play
[2010/04/22 06:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\The Misadventures Of P.B. Winterbottom
[2010/04/21 06:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\Pop Cap
[2010/04/21 01:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\HipSoft
[2010/04/15 06:45:03 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/04/15 03:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Troy\My Documents\Maverick Auto Floor Shifter
[2010/04/14 14:03:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2010/04/14 05:56:44 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2010/04/14 05:56:40 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2010/04/14 05:56:40 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2010/04/14 05:56:38 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2010/04/14 05:56:36 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2010/04/14 05:56:34 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2010/04/14 05:56:34 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2010/04/14 05:56:31 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2010/04/14 05:56:29 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2010/04/14 05:56:29 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_2.dll
[2010/04/14 05:56:27 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2010/04/14 05:56:27 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2010/04/14 05:56:25 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2010/04/14 05:56:23 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2010/04/14 05:56:21 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2010/04/14 05:56:18 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2010/04/14 05:56:18 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2010/04/14 05:56:16 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2010/04/14 05:56:10 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2010/04/14 05:56:09 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2010/04/14 05:56:09 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2010/04/14 05:56:08 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2010/04/14 05:56:08 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2010/04/14 05:56:08 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2010/04/14 05:56:07 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2010/04/14 05:56:07 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2010/04/14 05:56:06 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2010/04/14 05:56:06 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2010/04/14 05:56:06 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2010/04/14 05:55:52 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2010/04/14 05:55:51 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2010/04/14 05:55:51 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2010/04/14 05:55:49 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2010/04/14 05:55:49 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2010/04/14 05:55:48 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2010/04/14 05:55:44 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2010/04/14 05:55:43 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2010/04/14 05:55:43 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2010/04/14 05:55:42 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2010/04/14 02:01:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Troy\*.tmp files -> C:\Documents and Settings\Troy\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/10 10:14:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/10 10:01:44 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Troy\Desktop\OTL.exe
[2010/05/10 08:31:14 | 000,000,503 | ---- | M] () -- C:\Documents and Settings\Troy\Desktop\BleepingComputer.url
[2010/05/10 03:23:20 | 000,002,387 | ---- | M] () -- C:\Documents and Settings\Troy\Desktop\Winster - Games, Friends, Prizes.url
[2010/05/10 01:47:54 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/10 01:38:46 | 000,352,186 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/05/10 01:38:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/10 01:37:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/10 01:36:36 | 018,640,896 | ---- | M] () -- C:\Documents and Settings\Troy\ntuser.dat
[2010/05/10 01:36:36 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Troy\ntuser.ini
[2010/05/09 19:41:03 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/05/09 15:10:28 | 000,000,232 | ---- | M] () -- C:\Documents and Settings\Troy\Desktop\craigslist dayton - springfield classifieds for jobs, apartments, personals, for sale, services, community, and events.url
[2010/05/07 23:59:25 | 000,000,274 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/07 15:47:10 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/07 15:44:35 | 003,684,182 | R--- | M] () -- C:\Documents and Settings\Troy\Desktop\ComboFix.exe
[2010/05/07 15:32:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/06 01:58:07 | 000,012,526 | ---- | M] () -- C:\Documents and Settings\Troy\Desktop\eBay – electric motor fan, floor fan items on eBay.com. Find IT on eBay..url
[2010/05/06 00:25:11 | 000,021,890 | ---- | M] () -- C:\Documents and Settings\Troy\Desktop\Torrent Search Torrent Finder Torrent Search Engine.url
[2010/05/03 20:05:14 | 000,561,617 | ---- | M] () -- C:\Documents and Settings\Troy\My Documents\Thank you for your payment - PayPal.mht
[2010/05/03 17:00:41 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\Troy\Desktop\Sprint - Sprint Sweets.url
[2010/05/03 10:33:26 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\Troy\Desktop\Sugar Glider Store Site Map.url
[2010/05/01 10:49:41 | 004,130,566 | -H-- | M] () -- C:\Documents and Settings\Troy\Local Settings\Application Data\IconCache.db
[2010/04/30 04:46:04 | 000,002,809 | ---- | M] () -- C:\Documents and Settings\Troy\Desktop\What Is My IP Address - IP Address Lookup, Internet Speed Test, IP Info, plus more.url
[2010/04/30 02:14:02 | 003,003,373 | ---- | M] (RL Vision ) -- C:\Documents and Settings\Troy\Desktop\exif_tag_remover_30_setup.exe
[2010/04/30 02:06:26 | 000,081,583 | ---- | M] () -- C:\Documents and Settings\Troy\Desktop\JPEG & PNG Stripper.zip
[2010/04/29 15:16:35 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/29 14:47:02 | 000,001,119 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/29 14:47:02 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/04/29 13:53:56 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/29 13:53:56 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/29 13:53:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/29 13:53:55 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/29 13:53:53 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 09:06:29 | 000,000,209 | ---- | M] () -- C:\Documents and Settings\Troy\Desktop\Hack a Day.url
[2010/04/29 08:52:37 | 000,305,224 | ---- | M] () -- C:\Documents and Settings\Troy\Desktop\pragnt18.dll.zip
[2010/04/28 22:32:54 | 000,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/04/28 22:17:23 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/04/28 17:35:19 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Troy\Desktop\SpywareBlaster.lnk
[2010/04/28 12:17:11 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Troy\Desktop\CCleaner.lnk
[2010/04/28 11:47:05 | 000,002,188 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2010/04/28 11:15:31 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/28 09:54:35 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/04/28 06:00:35 | 000,000,204 | ---- | M] () -- C:\WINDOWS\System32\xpji52vg.bat
[2010/04/28 05:41:35 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\Troy\Desktop\Reanimator.lnk
[2010/04/28 05:39:21 | 000,035,816 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\drivers\Partizan.sys
[2010/04/28 05:39:20 | 000,037,600 | ---- | M] (Greatis Software) -- C:\WINDOWS\System32\Partizan.exe
[2010/04/28 04:39:31 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/28 04:39:31 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/04/28 04:39:31 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010/04/28 04:38:02 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\Troy\Desktop\UnHackMe.lnk
[2010/04/27 20:35:51 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/27 02:08:27 | 000,000,683 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Universal Shield 4.3.1.lnk
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/26 08:21:19 | 000,013,930 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\vf833a5xcC
[2010/04/26 08:21:18 | 000,013,930 | -HS- | M] () -- C:\Documents and Settings\Troy\Local Settings\Application Data\vf833a5xcC
[2010/04/26 08:06:03 | 000,033,683 | ---- | M] () -- C:\Documents and Settings\Troy\Desktop\Katz Downloads.url
[2010/04/25 21:28:14 | 011,909,632 | ---- | M] (Michal Kowalski) -- C:\Documents and Settings\Troy\Desktop\1.0.11 ExifPro Install.exe
[2010/04/25 19:57:26 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/25 19:57:26 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/22 05:58:04 | 000,000,091 | ---- | M] () -- C:\WINDOWS\System32\imon1.dat
[2010/04/21 06:58:02 | 000,000,048 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2010/04/20 00:46:32 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\Troy\Desktop\May Day 2010 - A Cry To God.url
[2010/04/16 03:04:04 | 000,002,060 | ---- | M] () -- C:\WINDOWS\System32\napaserv.zip
[2010/04/16 01:20:13 | 001,208,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/15 02:39:05 | 000,000,184 | ---- | M] () -- C:\Documents and Settings\Troy\My Documents\Car and Truck Upholstery.url
[2010/04/15 02:26:18 | 000,895,636 | ---- | M] () -- C:\Documents and Settings\Troy\My Documents\RARE! 70,71,72,73-77 Maverick Comet Rear Window Louvers eBay Motors (item 140387190575 end time Mar-07-10 104027 PST).mht
[2010/04/14 14:45:59 | 000,006,890 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/04/14 14:42:34 | 000,419,920 | ---- | M] () -- C:\Documents and Settings\Troy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/13 16:44:55 | 003,686,454 | ---- | M] () -- C:\Documents and Settings\Troy\My Documents\untitled.bmp
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Troy\*.tmp files -> C:\Documents and Settings\Troy\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/07 15:47:09 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/07 15:47:05 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/07 15:45:58 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/07 15:45:57 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/07 15:45:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/07 15:45:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/07 15:45:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/07 15:24:26 | 003,684,182 | R--- | C] () -- C:\Documents and Settings\Troy\Desktop\ComboFix.exe
[2010/05/06 22:27:23 | 000,000,503 | ---- | C] () -- C:\Documents and Settings\Troy\Desktop\BleepingComputer.url
[2010/05/03 21:31:03 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Troy\Desktop\gmer.exe
[2010/05/03 20:05:05 | 000,561,617 | ---- | C] () -- C:\Documents and Settings\Troy\My Documents\Thank you for your payment - PayPal.mht
[2010/05/03 10:33:26 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Troy\Desktop\Sugar Glider Store Site Map.url
[2010/04/30 02:06:22 | 000,081,583 | ---- | C] () -- C:\Documents and Settings\Troy\Desktop\JPEG & PNG Stripper.zip
[2010/04/28 17:35:19 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Troy\Desktop\SpywareBlaster.lnk
[2010/04/28 12:17:11 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Troy\Desktop\CCleaner.lnk
[2010/04/28 11:47:05 | 000,002,188 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2010/04/28 09:56:09 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/28 09:53:49 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/04/28 05:41:34 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\Troy\Desktop\Reanimator.lnk
[2010/04/28 04:38:02 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\Troy\Desktop\UnHackMe.lnk
[2010/04/27 20:35:51 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/27 02:08:27 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Universal Shield 4.3.1.lnk
[2010/04/27 00:40:01 | 004,211,334 | ---- | C] () -- C:\Documents and Settings\Troy\My Documents\bonus2.jpg
[2010/04/26 09:22:17 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/26 08:18:55 | 000,013,930 | -HS- | C] () -- C:\Documents and Settings\Troy\Local Settings\Application Data\vf833a5xcC
[2010/04/26 08:18:55 | 000,013,930 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\vf833a5xcC
[2010/04/25 21:49:52 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/04/25 21:49:52 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/04/25 21:49:52 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/04/25 21:49:51 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/04/25 19:57:26 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/20 00:46:32 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\Troy\Desktop\May Day 2010 - A Cry To God.url
[2010/04/16 03:04:04 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\napaserv.zip
[2010/04/15 16:29:03 | 018,640,896 | ---- | C] () -- C:\Documents and Settings\Troy\ntuser.dat
[2010/04/15 06:51:31 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010/04/15 02:39:05 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\Troy\My Documents\Car and Truck Upholstery.url
[2010/04/15 02:26:07 | 000,895,636 | ---- | C] () -- C:\Documents and Settings\Troy\My Documents\RARE! 70,71,72,73-77 Maverick Comet Rear Window Louvers eBay Motors (item 140387190575 end time Mar-07-10 104027 PST).mht
[2010/04/13 16:44:55 | 003,686,454 | ---- | C] () -- C:\Documents and Settings\Troy\My Documents\untitled.bmp
[2010/03/25 05:46:53 | 000,000,059 | ---- | C] () -- C:\WINDOWS\LTDLG13N.INI
[2010/03/14 16:41:07 | 000,511,558 | ---- | C] () -- C:\WINDOWS\System32\pragnt18.dll
[2010/02/26 00:28:30 | 000,000,062 | ---- | C] () -- C:\WINDOWS\clikbook.ini
[2010/02/10 14:26:01 | 000,001,332 | ---- | C] () -- C:\WINDOWS\disney.ini
[2010/02/10 14:25:41 | 000,000,205 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2009/11/03 03:45:29 | 000,000,084 | ---- | C] () -- C:\WINDOWS\csact.ini
[2009/10/24 16:24:46 | 000,000,068 | ---- | C] () -- C:\WINDOWS\QWCF.INI
[2009/09/16 22:26:47 | 000,008,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\KProcWatch.sys
[2009/09/10 22:13:08 | 000,000,031 | ---- | C] () -- C:\WINDOWS\warhead.ini
[2009/08/16 22:49:50 | 000,000,004 | ---- | C] () -- C:\WINDOWS\info147.sys
[2009/07/14 17:15:00 | 000,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/07/04 23:18:12 | 000,000,055 | R--- | C] () -- C:\WINDOWS\System32\P1001Sti.ini
[2009/04/27 09:38:10 | 000,000,326 | ---- | C] () -- C:\WINDOWS\System32\StuffItPath.ini
[2009/04/20 11:25:17 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/04/04 04:35:38 | 000,000,526 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/03/05 03:01:21 | 000,001,127 | ---- | C] () -- C:\WINDOWS\wizards.ini
[2009/02/10 17:36:12 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\BEE7FBB2A6.sys
[2009/02/10 17:01:59 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\A6B2FBE7BE.sys
[2009/02/03 19:34:35 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2009/02/01 03:08:49 | 000,000,179 | ---- | C] () -- C:\WINDOWS\thinkfst.ini
[2009/01/20 18:06:50 | 000,000,736 | ---- | C] () -- C:\WINDOWS\SamsungMaster.INI
[2009/01/07 04:02:32 | 000,000,196 | ---- | C] () -- C:\WINDOWS\VideoSettings.INI
[2009/01/07 03:36:03 | 000,213,072 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll
[2009/01/07 03:36:00 | 002,433,024 | ---- | C] () -- C:\WINDOWS\npdbplug.dll
[2009/01/07 02:56:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\windowfx3.ini
[2009/01/07 02:54:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\windowfx2.ini
[2009/01/05 08:14:37 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\sav87312.sys
[2009/01/05 08:05:04 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\sav970451.sys
[2009/01/05 03:07:46 | 000,000,126 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/27 23:53:53 | 000,000,110 | ---- | C] () -- C:\WINDOWS\Sansa Media Converter.INI
[2008/12/20 21:28:53 | 000,131,072 | ---- | C] () -- C:\WINDOWS\SNVerifyDLL.dll
[2008/12/19 14:13:47 | 000,000,042 | ---- | C] () -- C:\WINDOWS\AlchemyMindworksUpdateList.INI
[2008/12/15 22:29:39 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/12/12 21:28:49 | 000,000,168 | ---- | C] () -- C:\WINDOWS\System32\xpysys.dll
[2008/12/05 01:12:31 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/11/22 04:11:04 | 000,001,607 | ---- | C] () -- C:\WINDOWS\System32\Load.ini
[2008/11/15 06:57:42 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/11/15 03:26:13 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/11/15 03:26:02 | 002,041,363 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2008/11/15 03:26:01 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/15 03:26:01 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/15 03:25:31 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/11/15 03:25:31 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/11/14 04:24:35 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/11/13 23:31:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\suppdll.dll
[2008/11/13 23:31:34 | 000,035,363 | ---- | C] () -- C:\WINDOWS\System32\windrvNT.sys
[2008/11/13 23:26:32 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\windows_.dll
[2008/11/07 21:20:02 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/10/30 14:33:58 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\DTAConfig.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/29 09:24:32 | 000,311,128 | R--- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/06/29 09:24:32 | 000,168,960 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/06/29 09:24:31 | 001,526,468 | R--- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008/05/06 22:11:50 | 000,000,055 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/05/06 21:49:38 | 000,008,558 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/05/06 21:49:38 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\807B330B7D.sys
[2008/05/06 20:55:49 | 000,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2008/04/28 08:55:27 | 000,162,816 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2008/04/18 17:59:08 | 000,542,208 | ---- | C] () -- C:\WINDOWS\System32\dbplugin.dll
[2008/04/07 15:59:02 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\AniGImg.dll
[2007/11/06 16:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/02/26 00:42:22 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ArmAccess.dll
[2005/09/19 13:15:52 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2005/09/15 06:05:36 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/09/15 06:05:36 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\dtu100.dll
[2005/09/08 10:46:56 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\DGREVDBXCreate.dll
[2005/08/30 03:29:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/07/29 17:21:32 | 000,011,988 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2004/12/16 17:32:54 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/01/30 09:37:50 | 000,000,092 | R--- | C] () -- C:\WINDOWS\System32\FTDIUN2K.INI
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2002/03/01 14:43:34 | 000,028,008 | ---- | C] () -- C:\WINDOWS\System32\SUSUSB.SYS
[2002/02/15 13:42:08 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ULL.dll
[2001/12/03 16:50:58 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\LTTLS13N.DLL
[2001/12/03 16:50:20 | 000,708,608 | R--- | C] () -- C:\WINDOWS\System32\LTCRY13N.DLL
[2000/07/07 06:49:30 | 000,069,120 | R--- | C] () -- C:\WINDOWS\System32\LTDLL.DLL
[2000/04/12 16:28:12 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/04/12 16:24:10 | 000,338,944 | R--- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/05/06 13:06:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/05/06 13:06:05 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/05/06 13:06:05 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %SYSTEMDRIVE%\*.exe >

========== Files - Unicode (All) ==========
[2008/11/13 20:32:04 | 000,002,840 | ---- | C] ()(C:\Documents and Settings\Troy\My Documents\MySpace.com - ?Diana?(#1 Raiderette).url) -- C:\Documents and Settings\Troy\My Documents\MySpace.com - ♠Diana♥(#1 Raiderette).url
[2008/01/02 20:59:01 | 000,002,840 | ---- | M] ()(C:\Documents and Settings\Troy\My Documents\MySpace.com - ?Diana?(#1 Raiderette).url) -- C:\Documents and Settings\Troy\My Documents\MySpace.com - ♠Diana♥(#1 Raiderette).url

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:730BC923
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66BBBB3E
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Troy\My Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Troy\My Documents\Moodflow Wallpapers Collection 03.jpg:Roxio EMC Stream
@Alternate Data Stream - 68 bytes -> C:\Documents and Settings\Troy\My Documents\Troys Black Lambo Theme.theme:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Troy\My Documents\Untitled.blt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Troy\My Documents\Mustang.swf:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Troy\My Documents\How 2 Program RCA Remote.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Troy\My Documents\Guy Finley.txt:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Documents and Settings\Troy\My Documents\AlaskaAir Info.txt:KAVICHS
@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CD68BD2
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F84B8DB5
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89A5891E
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B4AF47A7
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3D65F99
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB1EC531
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8944C195
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0668210
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:797D7632
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:090FB735
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8DD66B3E
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60A4BB64
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC9DD8FE
< End of report >


#11 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:51 PM

Posted 11 May 2010 - 09:40 AM

Everything looks ok there to me.

Uninstall ComboFix
  • Click START then RUN
  • Now type Combofix /uninstall in the run box and click OK. Note the space between the X and the /; it needs to be there.
Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double-click the icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Congratulations! You now appear clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Keeping Windows updated
It is extremely important to keep Windows up to date with the latest service pack and patches. This will prevent you
from getting the malware which uses vulnerabilities found in Windows to exploit your computer. The easiest way to
do this is by making sure that Automatic Updates are always enabled.

To do this, click on Start >> Control Panel >> Automatic Updates, click Automatic (recommended), then Apply and OK.

Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (even more often if you wish). If you do not
update your antivirus software then it will not be able to catch any of the new variants that may come out. If you
use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your
subscription runs out, you may not be able to update the program's virus definitions.

Make sure all programs are updated
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly
patched to fix vulnerabilities. You can check these by visiting Calendar of Updates, or you can install Secunia PSI.

Install an AntiSpyware Program
It is recommended that you have an Anti Spyware program installed alongside your Anti Virus, to add an extra layer of
protection. You should update and scan with it as you would with your Anti Virus. Most Anti Spyware programs don't
have active protection unless you have a paid version, so in that case you can have more than one installed for
scanning purposes, but you also don't want to bloat your computer with these programs, so I would recommend having
no more than two installed.

SuperAntiSpyware
Spybot - Search & Destroy
Ad-aware

Install Sandboxie
Sandboxie is a great program to help protect you against malware. Working inside Sandboxie will basically mean that
what you are doing will not make permanent changes to your system, unless you allow it to. So you can be surfing
the web inside Sandboxie, and if you happen to stumble upon a bad site and get infected, you can simply delete the
Sandbox and all is gone. Having said that, it cannot be considered 100% secure, as no program can be, but it can be
a great help and is an excellent program. You can find a download link and more information about the program here.

Secure your browsing
Firefox is generally considered to be a lot safer than Internet Explorer; I would recommend that you install Firefox and
install some addons that will make the browser even safer. You can download the latest version of Firefox here. If
you already have Firefox, these are some good addons.

Recommended addons
NoScript
Adblock Plus
WOT

Use MVPS hosts file
Using a custom hosts file like the MVPS HOSTS file can help to block ads, banners, 3rd-party cookies,
3rd-party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download it and find instructions here.


Follow this list and your potential for being infected again will be reduced dramatically.

Happy surfing
Syler



#12 AWILD1

AWILD1
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:02:51 PM

Posted 13 May 2010 - 04:04 AM

Thank you for all your help! Any idea what the PC was infected with? I have been watching the computer the past couple of days and everything seems to be running normally again, other than Internet Explorer, which seems to be running slowly, but that is probably caused by the several anti-malware programs I have running all the time. Thanks again!

#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:51 PM

Posted 13 May 2010 - 01:51 PM

You're welcome. You had a variety of infections there, the worst being the rootkit you mentioned in your first post.



#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:51 PM

Posted 16 May 2010 - 01:24 PM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
